Hi all, weird problem with DVD writers

ERROR INITIALIZING ASPI LAYER, NO DEVICES CONNECTED

Also HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:12, on 7/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\MagicTune Premium\MagicTune.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: WinInet Class - {a4dca795-b588-4be0-9463-7ff2864543b1} - C:\WINDOWS\system32\iehostcx32.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: 796525 helper - {E7F15AC4-E0A9-43F0-921B-70DFEA621220} - C:\WINDOWS\system32\796525\796525.dll (file missing)
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [pp] C:\windows\pp10.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [xpprotect] C:\Documents and Settings\Hotmofo\XP Deluxe Protector\xpdeluxe.exe
O4 - HKCU\..\Run: [SYSDLL] SYSDLL
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3F76A70D-947F-4B47-A868-08E65CC89B7C}: NameServer = 213.174.139.72,192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{763E80E6-FC69-4F7B-8005-7E60302959B3}: NameServer = 213.174.139.72,192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D416D2F-6B9F-4336-929B-C39CDAF7D720}: NameServer = 213.174.139.72,192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{86B110CB-3617-43C7-9816-180475505721}: NameServer = 213.174.139.72,192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{B596C1FB-B2CF-48BE-98F2-D6820970E863}: NameServer = 213.174.139.72,192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3F76A70D-947F-4B47-A868-08E65CC89B7C}: NameServer = 213.174.139.72,192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3F76A70D-947F-4B47-A868-08E65CC89B7C}: NameServer = 213.174.139.72,192.168.1.1
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8941 bytes

EDIT ADDED INFORMATION

I already know a few things that I believe to be bad I have bolded them---

Edited by Hotmofo, 09 July 2009 - 02:26 PM.

as no one has helped me please close this topic and i'll make a new one, maybe the topic title threw it off?

Hello and welcome to Bleeping Computer.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would
be grateful if you would note the following:

• Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
  
• Copy and paste all logs requested in you reply, Do not attach them unless asked too.
  
• If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  
• Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  
• If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.

• Double Click mbam-setup.exe to install the application.
• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy and Paste the entire report in your next reply .

Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Next

• Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
• Double click on RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Then please post back here with the following:

• MBAM log
• log.txt
• info.txt

Thanks

Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 2

7/21/2009 00:15:04
mbam-log-2009-07-21 (00-15-04).txt

Scan type: Full Scan (C:\|)
Objects scanned: 165315
Time elapsed: 34 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 16
Registry Values Infected: 5
Registry Data Items Infected: 3
Folders Infected: 2
Files Infected: 250

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\wininetapp.wininet (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\wininetapp.wininet.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\y537.y537mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\y537.y537mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4b66e1df-4de3-4cda-83b5-11673eadab0b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9692be2f-eb8f-49d9-a11c-c24c1ef734d5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e7f15ac4-e0a9-43f0-921b-70dfea621220} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4dca795-b588-4be0-9463-7ff2864543b1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{b360243e-09e8-402f-8721-00b6798089ad} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e7f15ac4-e0a9-43f0-921b-70dfea621220} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a4dca795-b588-4be0-9463-7ff2864543b1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7f15ac4-e0a9-43f0-921b-70dfea621220} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a4dca795-b588-4be0-9463-7ff2864543b1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XP Deluxe Protector (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdll (Worm.Autorun) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xpprotect (Rogue.DeluxeProtector) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\Hotmofo\XP Deluxe Protector (Rogue.DeluxeProtector) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\796525 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\Hotmofo\Desktop\jon's stuff\Programs\RS\rosetta.stone.v3.patch\Rosetta.Stone.V3.Patch.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Hotmofo\local settings\Temp\defender32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Hotmofo\local settings\temporary internet files\Content.IE5\0PA74TEF\k[1].php (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETdmtsbrrpfr.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETdpirrkjixe.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETdqvvpkukdm.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETdrofuglfhb.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETdrtqpquoip.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETdsaxeqbfvr.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETdthdvdlwlf.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETdwpbmqtqry.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETecldeetlef.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETeeiqxqberv.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETeeksxnobly.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETekpapsapsl.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETenexjstvok.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETepeugynjdw.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETeqxsmvjeou.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETewecvsfmnm.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETfbggreocew.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETfdipuxnwvx.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETfefbkklloq.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETfeigqmmqtu.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETqidcrmgpum.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETqkkkvufaud.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETqoshipevvm.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETqpeflrvxvr.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETqqqucqriwc.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETqrabeivvmb.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETqrnkiclpqt.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETqufdpyaxwv.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETqvtpgvlakc.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETrggiitoydk.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETrirjqpquor.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETritjwcgorl.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETrtcrbqisqs.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETrxvlqhnotv.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETscqfpymeip.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETsfiphplefh.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETshrmdvmbwe.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETsiaubcwpgn.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETsigumlklau.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETsiutuomphu.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETsohdhfihla.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETspaaxdtvmm.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETsyvrwattxi.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETtbmhgpqofh.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETtismqbwwbx.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETtkosstrqub.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETbtodyadtfu.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETdkcxcpvwcp.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETfkuwcqngyn.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNEThfosvxukkk.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETjooqoqkotg.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETlosgopmrqv.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNEToefnhakdhp.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETqhtgtyuvim.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETtlqxdyjemb.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETvlvmsibapx.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETxtbvrppbdw.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETlrjuuouhtg.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETlvmvrwqdlw.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETlxikutcsnd.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETmalxjxqsii.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETmdbfpxpvwy.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETmlgxdmjadf.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETmpcwkbdwjr.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETmqbvpejvle.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETmxkpeqialf.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETmykvsutyth.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETnalvwjsnqo.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETnanqyfjhub.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETnaojtfvnjm.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETnaydxolswk.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETnbvrxtqpih.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETneghrqkwua.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETngkfiuynrp.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETngntheqvnw.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETnkkogscvrv.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETnpbrrbblsc.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETnseephxnmo.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETntaihshsqd.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETntbrbttgjb.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETnulxmvqcgl.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETnygqtllutv.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETwbscqnetcs.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETwcyydfoqwk.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETwiblqpuxcs.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETwivrcrnmxt.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETwlhdcyaxxn.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETwosxdswusr.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETwsnkwluqoh.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETxbvtkpmqlb.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETxevsimvtht.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETxfmybnkrpu.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETxjkhmmtboj.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETxkyxsbvjkg.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETxldjeqhsew.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETxlnmbcrjib.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETxqggloiqke.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNEThhpcpgdxxe.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNEThjeswwpora.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNEThnbhuwewlk.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNEThqythdymea.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNEThrquyxlggi.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNEThvmvdicnld.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNEThxnbngsqga.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETiatbdmlvjj.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETibbbmwedff.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETidmkcfsqvd.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETidvxxtnjog.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETifrfuhuljw.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETigmbwhuqic.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETigyqdirxkb.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETiiamiqfrgn.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETimhbqpeisp.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETiorjkpijxy.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETioryiagiba.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETipfjwqxbsf.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETitvhaaomku.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETixgobxxerv.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETjesypbeagl.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETjmddhehawu.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETjnfdqxslga.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETaanlooycum.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETabjtnmjfos.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETaeomcccoki.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETagkaeflllr.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETagkvdaqpqu.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETakkdbfiomr.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETamtoercebk.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETancmallgwg.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETapkfjjyjov.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETavqiisnyhl.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETawartgxyet.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETbdrisaeuxp.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETbduljiqbdq.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETbhdekalbeg.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETbhiffekaxv.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETbidaopghoa.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETbindgjasll.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETofhjctyeds.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETogkqrnnjym.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNEToibcowptqs.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETolpbmiwlkj.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETopcwkbdwjr.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNEToqnuxddlji.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETpapjivlqvo.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETpcnqmgriqj.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETpdahueremi.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETpdmqdvwrir.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETpmdxdtgbrq.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETpnhmahpdfu.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETponsocrcjc.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETpowcakdsbq.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETppirsxusjn.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETprarjmtcfx.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETprcjmaucev.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETprmimmwkby.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETprqmnsidwf.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETpufoyptort.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETpyxpvjqlwt.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETqeoclhhtcn.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETqfbdhvikcd.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETqgqtypyvpa.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETqgurliyiav.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETfnlwssfyab.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETfppdmrchbo.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETfqxkolasqx.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETftetqnomxb.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETgaskmpaabr.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETgfrqlfpmjt.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETggattpvbxq.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETggqdvedlxm.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETgitmhpkomq.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETgmyvdxxsej.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETgpvfnvwygy.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETgqmthltnsv.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETgrbpfrtcrq.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETgsfkwaxgta.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETgsqfrrxhbi.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETgyjfnysidv.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETgyvvxbhvqy.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETtnbdvojtkf.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETubshblgyok.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETufpcbrxtcr.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETujiojrtswo.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETujwdsfebsv.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETukcqjyjjbh.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETumjppagkad.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETuqjbifbqcn.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETusruykhfuy.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETuvvbughagm.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETvbgsssutji.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETvcwdijqkbv.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETvdjtinlcga.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETvfawqlojeh.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETvggyphrghd.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETvijlkvcgev.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETvlgsklcwnh.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETjpoylgvcyp.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETjrdgkuovmc.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETkaaflntdjb.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETkajvjpemmw.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETkbxwfbburi.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETkipbqbvfyq.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETkjhybxhmwn.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETkkpnmbkjyv.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETkmhosnotiv.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETkmxodosqow.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETktfmmanhof.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETktuaqltgau.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETkviciwsfll.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETkxiiqjrtge.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETlamkdsyqqd.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETlbbuebbwdn.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETlbuqkvkgii.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETljgkfshoyn.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETllxjlsnvbu.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETlokuhwnjyh.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETbtpqowcllm.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETbvsctswjpo.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETcbnnrdrvau.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETccnnqgitqe.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETchgfpcdmbr.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETciaifxgmda.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETcjfuveaeii.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETcldhflcecg.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETcopbfqkmsg.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETcptsfgluay.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETcqcnprkduw.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETcwyppqcoeb.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETddjcpvqfot.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETdejkkthcsw.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETdfnlkobuhf.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETdhdujwlrvy.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETxthwmcethp.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETxuhdxjipka.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETydeyltxqfx.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETylvwsdapkw.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETymlggmuuhd.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETyohluoytad.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\SKYNETyrgpscubwq.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\sonce122570.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\bf23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SKYNETsamcfpvj.dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SKYNETtpbrjtpe.dat (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\934fdfg34fgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SKYNETyilisvdj.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\SKYNETwgjcxxmv.sys (Trojan.Agent) -> Quarantined and deleted successfully.



Logfile of random's system information tool 1.06 (written by random/random)
Run by Hotmofo at 2009-07-21 08:19:37
Microsoft Windows XP Professional Service Pack 2
System drive C: has 113 GB (47%) free of 238 GB
Total RAM: 2046 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:19:37, on 7/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\program files\steam\steam.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MagicTune Premium\MagicTune.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Hotmofo\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Hotmofo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: NCProTray.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7671 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.3.1.15.dll [2009-01-16 656696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-07 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-07 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-09-12 16264192]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NVIDIA nTune"=C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2006-09-13 81920]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-04-26 13529088]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-04-26 86016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-07 148888]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-17 266497]
"lxcrmon.exe"=C:\Program Files\Lexmark 2400 Series\lxcrmon.exe [2006-03-06 286720]
"EzPrint"=C:\Program Files\Lexmark 2400 Series\ezprint.exe [2006-02-06 98304]
"FaxCenterServer"=C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2006-02-02 290816]
"LXCRCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16 []
"nmctxth"=C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2008-12-12 642856]
"nmapp"=C:\Program Files\Pure Networks\Network Magic\nmapp.exe [2008-12-14 467240]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"=C:\Program Files\PeerGuardian2\pg2.exe [2005-09-18 1421824]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe []
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]
"Steam"=c:\program files\steam\steam.exe [2009-06-17 1217784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
GammaTray.lnk - C:\Program Files\MagicTune Premium\GammaTray.exe
NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire"
"C:\Program Files\Curse\CurseClient.exe"="C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client"
"C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe"="C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead"
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67e06c51-40cc-11dd-9ac4-806d6172696f}]
shell\AutoRun\command - D:\monsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{67e06c52-40cc-11dd-9ac4-806d6172696f}]
shell\AutoRun\command - E:\install.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{afcfd2d5-4339-11dd-a37a-806d6172696f}]
shell\AutoRun\command - E:\Installer.exe


======List of files/folders created in the last 3 months======

2009-07-20 21:15:43 ----D---- C:\rsit
2009-07-20 21:13:56 ----D---- C:\Documents and Settings\Hotmofo\Application Data\Malwarebytes
2009-07-20 21:13:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-20 21:13:51 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-15 03:01:35 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 03:01:31 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 03:01:15 ----A---- C:\WINDOWS\system32\MRT.INI
2009-07-15 03:00:15 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-09 11:42:05 ----D---- C:\Program Files\Trend Micro
2009-07-09 11:34:34 ----N---- C:\WINDOWS\UNNeroBurnRights.exe
2009-07-09 11:34:34 ----D---- C:\Program Files\Ahead
2009-07-09 11:34:34 ----A---- C:\WINDOWS\system32\NeroCo.dll
2009-07-08 22:14:41 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-07-08 22:12:09 ----A---- C:\New Text Document.txt
2009-07-08 22:02:56 ----D---- C:\Documents and Settings\Hotmofo\Application Data\ImgBurn
2009-07-08 22:02:22 ----D---- C:\Program Files\ImgBurn
2009-07-07 11:20:06 ----D---- C:\Temp
2009-07-07 10:46:11 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-07-07 09:07:57 ----A---- C:\WINDOWS\MCDB.ini
2009-07-07 09:04:25 ----A---- C:\WINDOWS\system32\dvdwincd20.dll
2009-07-07 09:04:23 ----D---- C:\Program Files\ISO Burner
2009-07-07 09:04:23 ----A---- C:\WINDOWS\system32\DVDCD.dll
2009-06-30 01:02:27 ----D---- C:\Program Files\Curse
2009-06-29 23:27:12 ----D---- C:\Program Files\World of Warcraft
2009-06-25 17:17:37 ----A---- C:\WINDOWS\yoo_1245975456.exe
2009-06-10 03:01:37 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-10 03:01:24 ----HDC---- C:\WINDOWS\$NtUninstallKB969897$
2009-06-10 03:01:18 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-10 03:00:25 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-10 03:00:17 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-04 16:11:16 ----D---- C:\Documents and Settings\Hotmofo\Application Data\CyberLink
2009-06-04 16:10:40 ----D---- C:\Program Files\Common Files\Moonlight
2009-06-04 16:10:20 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
2009-06-04 16:10:13 ----D---- C:\Program Files\Common Files\CyberLink
2009-06-04 16:09:34 ----D---- C:\Program Files\CyberLink
2009-06-04 16:09:26 ----A---- C:\WINDOWS\system32\msxml3a.dll
2009-05-19 17:10:19 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
2009-05-11 22:32:43 ----D---- C:\Program Files\Common Files\Blizzard Entertainment

======List of files/folders modified in the last 3 months======

2009-07-21 08:19:37 ----D---- C:\WINDOWS\Temp
2009-07-21 08:17:42 ----D---- C:\Program Files\Mozilla Firefox
2009-07-21 08:15:40 ----D---- C:\WINDOWS\Prefetch
2009-07-21 00:16:44 ----D---- C:\Program Files\lx_cats
2009-07-21 00:16:29 ----D---- C:\Program Files\Steam
2009-07-21 00:16:02 ----D---- C:\WINDOWS\system32\drivers
2009-07-21 00:16:02 ----D---- C:\WINDOWS\system32
2009-07-21 00:15:29 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-21 00:15:04 ----D---- C:\WINDOWS
2009-07-20 21:13:51 ----RD---- C:\Program Files
2009-07-15 03:10:05 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-15 03:01:37 ----HD---- C:\WINDOWS\inf
2009-07-15 03:01:35 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-15 03:01:33 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-15 03:01:33 ----A---- C:\WINDOWS\imsins.BAK
2009-07-08 22:16:11 ----D---- C:\WINDOWS\security
2009-07-08 22:13:35 ----SHD---- C:\WINDOWS\Installer
2009-07-08 22:13:34 ----AC---- C:\WINDOWS\OEWABLog.txt
2009-07-08 22:03:29 ----D---- C:\Documents and Settings
2009-07-07 10:51:41 ----D---- C:\Program Files\Common Files
2009-07-07 10:49:28 ----D---- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
2009-07-07 10:46:01 ----A---- C:\WINDOWS\system32\javaws.exe
2009-07-07 10:46:01 ----A---- C:\WINDOWS\system32\javaw.exe
2009-07-07 10:46:01 ----A---- C:\WINDOWS\system32\java.exe
2009-07-07 10:45:59 ----D---- C:\Program Files\Java
2009-07-07 10:24:04 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-07 08:10:56 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-07 07:05:00 ----D---- C:\Program Files\BitComet
2009-07-06 22:04:53 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-03 22:14:54 ----D---- C:\Documents and Settings\Hotmofo\Application Data\Ahead
2009-07-03 22:10:27 ----D---- C:\Documents and Settings\All Users\Application Data\Ahead
2009-07-01 15:51:46 ----D---- C:\Documents and Settings\Hotmofo\Application Data\FrostWire
2009-06-22 22:18:46 ----D---- C:\Documents and Settings\Hotmofo\Application Data\wootalyzer
2009-06-17 19:17:34 ----D---- C:\Program Files\PeerGuardian2
2009-06-16 07:55:16 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-06-16 07:55:16 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-06-14 11:59:36 ----D---- C:\Documents and Settings\Hotmofo\Application Data\Macromedia
2009-06-14 11:59:35 ----D---- C:\WINDOWS\system32\Macromed
2009-06-10 11:45:57 ----D---- C:\Downloads
2009-06-10 03:01:28 ----D---- C:\Program Files\Internet Explorer
2009-06-04 16:55:58 ----D---- C:\Program Files\Common Files\InstallShield
2009-06-04 16:09:30 ----D---- C:\WINDOWS\WinSxS
2009-06-04 16:09:30 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-06-04 16:09:05 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-06-03 12:27:58 ----A---- C:\WINDOWS\system32\quartz.dll
2009-05-24 07:09:39 ----D---- C:\WINDOWS\system32\Adobe
2009-05-23 18:25:32 ----D---- C:\Documents and Settings\Hotmofo\Application Data\Adobe
2009-05-16 20:49:22 ----D---- C:\Program Files\Pontifex II
2009-05-11 11:20:42 ----D---- C:\Documents and Settings\Hotmofo\Application Data\dvdcss
2009-05-07 08:44:00 ----A---- C:\WINDOWS\system32\localspl.dll
2009-04-28 21:52:44 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-04-28 21:52:42 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-04-28 21:52:42 ----A---- C:\WINDOWS\system32\browseui.dll
2009-04-28 21:52:41 ----A---- C:\WINDOWS\system32\shlwapi.dll
2009-04-28 21:52:41 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-04-28 21:52:41 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-04-28 21:52:40 ----A---- C:\WINDOWS\system32\wininet.dll
2009-04-28 21:52:40 ----A---- C:\WINDOWS\system32\shdocvw.dll
2009-04-28 21:52:39 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-04-28 21:52:39 ----A---- C:\WINDOWS\system32\mstime.dll
2009-04-28 21:52:38 ----A---- C:\WINDOWS\system32\msrating.dll
2009-04-28 21:52:38 ----A---- C:\WINDOWS\system32\inseng.dll
2009-04-28 21:52:38 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-04-28 21:52:38 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-04-28 21:52:38 ----A---- C:\WINDOWS\system32\extmgr.dll
2009-04-28 21:52:38 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-04-28 21:52:38 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-04-28 21:52:37 ----A---- C:\WINDOWS\system32\danim.dll
2009-04-28 21:52:36 ----A---- C:\WINDOWS\system32\cdfview.dll
2009-04-28 14:33:58 ----D---- C:\Program Files\Google
2009-04-27 02:18:42 ----A---- C:\WINDOWS\system32\xpsp3res.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-05-27 75096]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 NCPro;NCPro; C:\WINDOWS\system32\drivers\MTictwl.sys [2007-11-29 13184]
R1 NVTCP;NVIDIA TCP/IP Protocol Driver; C:\WINDOWS\System32\DRIVERS\NVTcp.sys [2006-08-07 110080]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2008-12-12 23984]
R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2008-12-12 25264]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-09-12 4381184]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-04-26 6536192]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-08-07 52736]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-08-07 18944]
R3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
R3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys []
S3 avszrjug;avszrjug; C:\WINDOWS\system32\drivers\avszrjug.sys []
S3 MagicTune;MagicTune; C:\WINDOWS\system32\drivers\MTiCtwl.sys [2007-11-29 13184]
S3 npkcusb;npkcusb; \??\C:\Nexon\MapleStory\npkcusb.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 xnacc;Microsoft Common Controller For Windows Driver Service; C:\WINDOWS\system32\DRIVERS\xnacc.sys [2005-09-15 476672]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal – Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-23 68865]
R2 AntiVirService;Avira AntiVir Personal – Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-23 151297]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2006-09-08 172032]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-07 152984]
R2 MagicTuneEngine;MagicTuneEngine; C:\Program Files\MagicTune Premium\MagicTuneEngine.exe [2007-08-23 45056]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-12-12 642856]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2006-09-08 172090]
R2 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2006-09-13 118784]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-04-26 159812]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 lxcr_device;lxcr_device; C:\WINDOWS\system32\lxcrcoms.exe [2006-02-20 495616]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-28 658432]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------



and it wont open info.txt, only log.txt not sure why, any reason it might not open it? i followed your instructions

on a related note my dvd burner is working properly again!!!!!!! thanks so much for that I was going to reformat my hard drive but i guess i wont have to!

Edited by Hotmofo, 21 July 2009 - 10:27 AM.

One or more of the identified infections is a backdoor trojan/Rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide you want to proceed with trying to clean your machine please follow these next steps.


We will begin with ComboFix.

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  
• Double click on ComboFix.exe & follow the prompts.
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


The Rsit log is located here C:\rsit\info.txt please post this along with Combofix.txt in your next reply.

Thanks

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.