vundo help

Original Message
Name: xxtsxx
Date: March 1, 2008 at 12:45:01 Pacific
Subject: vundo help
OS: windows XP
CPU/Ram: AMD 64 Athlon 1GB Ram
Model/Manufacturer: Hp
Comment:

I have Vundo and I need some help. I have installed VundoFix, HijackThis, and ComboFix. Could somebody please help me with removing it?


Response Number 1
Name: jabuck
Date: March 1, 2008 at 18:57:25 Pacific
Reply:

Go to this link:

Disable Realtime Protection

Follow their directions to disable any realtime protection that you have as it will interfere with the fix by reinstalling the corrupt files.

Please download Atribune's VundoFix.exe from the following site to your desktop:

Vundofix.exe

Double-click VundoFix.exe to run it.

Click the Scan for Vundo button.

Once it's done scanning, click the Remove Vundo button.

You will receive a prompt asking if you want to remove the files,
click "yes".

Once you click yes, your desktop will go blank as it starts removing
Vundo.

When completed, it will prompt that it will reboot your computer,
click "ok".

Please download and install the latest version of HijackThis v2.0.2:


Download the "HijackThis" Installer from this link:
Hijack This


1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)
Please post the log it produces.


Response Number 2
Name: xxtsxx
Date: March 2, 2008 at 09:03:59 Pacific
Reply:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:11, on 2008-03-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
C:\PROGRA~1\Yahoo!\PARENT~1\ypc .exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\YPCSER~1.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher .exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp .exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD .exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB .exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\WINDOWS\system32\hphmon06.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon .exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\WINDOWS\system32\hphmon06 .exe
C:\Program Files\dvd43\dvd43_tray .exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched .exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent .exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\WINDOWS\system32\rundll32.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Downloads\VundoFix.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\CF25816.exe
C:\Documents and Settings\Tommy\Desktop\HiJackThis.exe
C:\WINDOWS\system32\CF25816.exe
C:\ComboFix\vfind.cfexe
C:\WINDOWS\system32\CF25816.exe
C:\ComboFix\vfind.cfexe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?T...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?T...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F3 - REG:win.ini: load=C:\WINDOWS\system32\mljgf.exe
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe" /run
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [YPC] C:\PROGRA~1\Yahoo!\PARENT~1\ypc.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BM4a8f37db] Rundll32.exe "C:\WINDOWS\system32\caaeivfi.dll",s
O4 - HKLM\..\Run: [49bc0447] rundll32.exe "C:\WINDOWS\system32\otwwgpyi.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - Startup: PowerReg Scheduler V3 .exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\sslaunch.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Myxer - Send image to phone! - http://www.myxertones.com/magic/ie/
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Res...
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper2007261.dll
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/m...
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online...
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/Co...
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls...
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windows...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexp...
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - file://F:\games\WebDriverFullInstall.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 19266 bytes


ComboFix 08-03-01.3 - Tommy 2008-03-02 11:13:38.2 - NTFSx86
Running from: C:\Documents and Settings\Tommy\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Tommy\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBoot
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\fgjlm.ini
C:\WINDOWS\system32\fgjlm.ini2
C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\mljgf.exe
.
---- Previous Run -------
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE


((((((((((((((((((((((((( Files Created from 2008-02-02 to 2008-03-02 )))))))))))))))))))))))))))))))
.

2008-03-01 17:58 . 2008-03-02 07:39 <DIR> d-------- C:\Documents and Settings\Tami\Application Data\Spyware Terminator
2008-03-01 16:45 . 2008-03-01 16:45 <DIR> d-------- C:\Program Files\WinClamAVShield
2008-03-01 16:11 . 2008-03-01 16:11 <DIR> d-------- C:\Program Files\Crawler
2008-03-01 16:10 . 2008-03-02 11:11 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-03-01 16:10 . 2008-03-01 16:47 <DIR> d-------- C:\Documents and Settings\Tommy\Application Data\Spyware Terminator
2008-03-01 16:10 . 2008-03-02 07:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-03-01 16:10 . 2008-03-01 16:10 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-03-01 15:06 . 2008-03-02 09:00 <DIR> d-------- C:\VundoFix Backups
2008-03-01 15:04 . 2008-03-01 15:04 13,811 --a------ C:\WINDOWS\system32\cediuwji.dll
2008-02-29 22:52 . 2008-02-29 22:52 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2008-02-29 16:56 . 2008-03-01 15:03 <DIR> d-------- C:\Program Files\The Cleaner Free
2008-02-29 16:14 . 2008-02-29 16:14 <DIR> d-------- C:\Program Files\CCleaner
2008-02-29 16:13 . 2008-02-29 16:13 <DIR> d-------- C:\Program Files\Vopt8
2008-02-27 17:34 . 2008-02-27 17:33 350,208 --a------ C:\WINDOWS\system32\OLD17E.tmp
2008-02-27 16:03 . 2008-02-27 16:02 33,846 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.bmp
2008-02-27 16:03 . 2008-02-27 16:03 3,400 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
2008-02-27 13:12 . 2008-02-29 21:23 1,314 ---hs---- C:\WINDOWS\system32\etqttywe.ini
2008-02-26 19:18 . 2008-02-26 19:18 333,312 --a------ C:\WINDOWS\system32\RCX15B.tmp
2008-02-26 18:38 . 2006-11-13 13:45 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-02-26 18:38 . 2007-05-04 15:54 22,528 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2008-02-25 13:11 . 2008-02-26 13:11 474 ---hs---- C:\WINDOWS\system32\mshbceap.ini
2008-02-25 13:02 . 2008-03-01 14:59 99,367 --a------ C:\WINDOWS\BM4a8f37db.xml
2008-02-25 13:02 . 2008-03-01 14:58 22 --a------ C:\WINDOWS\pskt.ini
2008-02-24 16:41 . 2008-02-24 16:42 <DIR> d-------- C:\Program Files\Game Copier
2008-02-24 13:10 . 2008-02-24 13:10 20,708 --a------ C:\WINDOWS\system32\wdjprihc.dll
2008-02-23 13:03 . 2008-02-24 13:03 954 ---hs---- C:\WINDOWS\system32\ytnvsvts.ini
2008-02-23 13:00 . 2008-02-23 13:00 20,708 --a------ C:\WINDOWS\system32\drnveruk.dll
2008-02-22 16:04 . 2008-02-23 12:01 894 ---hs---- C:\WINDOWS\system32\wpdcahgq.ini
2008-02-21 16:06 . 2008-02-22 16:07 714 ---hs---- C:\WINDOWS\system32\asepldqs.ini
2008-02-21 15:57 . 2008-02-21 15:57 13,811 --a------ C:\WINDOWS\system32\gkpjtreq.dll
2008-02-21 15:38 . 2008-02-21 15:38 <DIR> d-------- C:\Program Files\doubleTwist
2008-02-20 20:57 . 2008-02-20 20:57 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-02-20 16:08 . 2008-02-20 16:08 594 ---hs---- C:\WINDOWS\system32\qqhgdtut.ini
2008-02-20 16:02 . 2008-02-21 16:02 714 ---hs---- C:\WINDOWS\system32\jgsykffo.ini
2008-02-20 15:59 . 2008-02-20 15:59 20,707 --a------ C:\WINDOWS\system32\afvayljx.dll
2008-02-17 17:19 . 2008-02-19 17:19 534 ---hs---- C:\WINDOWS\system32\lpmymyhc.ini
2008-02-16 17:19 . 2008-02-19 19:16 654 ---hs---- C:\WINDOWS\system32\lwlydxvw.ini
2008-02-13 17:20 . 2008-02-16 18:56 474 ---hs---- C:\WINDOWS\system32\vnbyotye.ini
2008-02-13 17:11 . 2008-02-13 17:11 13,811 --a------ C:\WINDOWS\system32\byqdxdyt.dll
2008-02-10 15:09 . 2008-02-10 15:09 13,810 --a------ C:\WINDOWS\system32\tnlbkfqt.dll
2008-02-10 11:34 . 2008-02-10 11:34 <DIR> d-------- C:\Program Files\mVisible Technologies, Inc
2008-02-08 17:12 . 2008-02-08 17:12 <DIR> d-------- C:\Program Files\Bonjour
2008-02-08 15:18 . 2008-02-12 15:17 1,254 ---hs---- C:\WINDOWS\system32\pdhpewiq.ini
2008-02-08 15:09 . 2008-02-08 15:09 20,706 --a------ C:\WINDOWS\system32\ehyugxjj.dll
2008-02-07 15:18 . 2008-02-12 12:57 894 ---hs---- C:\WINDOWS\system32\nbmegygd.ini
2008-02-07 15:09 . 2008-02-07 15:09 20,707 --a------ C:\WINDOWS\system32\iwtpaarw.dll
2008-02-06 19:37 . 2008-02-06 19:37 <DIR> d-------- C:\Program Files\Disney
2008-02-06 18:14 . 2008-02-06 18:14 <DIR> d-------- C:\Documents and Settings\Tami\Application Data\Move Networks
2008-02-06 15:18 . 2008-02-06 17:07 654 ---hs---- C:\WINDOWS\system32\anvvytdf.ini
2008-02-06 15:09 . 2008-02-06 15:09 20,707 --a------ C:\WINDOWS\system32\qimdwvnx.dll
2008-02-05 15:47 . 2008-02-06 17:02 534 ---hs---- C:\WINDOWS\system32\fprlgdqy.ini
2008-02-05 15:16 . 2008-02-05 15:16 90,688 --a------ C:\WINDOWS\system32\gpppylgk.dll
2008-02-05 15:16 . 2008-02-07 15:17 294 ---hs---- C:\WINDOWS\system32\kglypppg.ini
2008-02-05 15:07 . 2008-02-05 15:07 20,706 --a------ C:\WINDOWS\system32\daveeksg.dll
2008-02-04 15:15 . 2008-02-05 15:15 354 ---hs---- C:\WINDOWS\system32\dashgbki.ini
2008-02-04 15:06 . 2008-02-04 15:06 20,707 --a------ C:\WINDOWS\system32\pbqrljxg.dll
2008-02-03 15:11 . 2008-02-03 15:11 21,198 --a------ C:\WINDOWS\system32\lvtchwwr.dll
2008-02-03 15:08 . 2008-02-03 15:08 21,157 --a------ C:\WINDOWS\system32\jqifvchb.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-02 16:23 --------- d-----w C:\Program Files\iTunes
2008-03-02 13:37 --------- d-----w C:\Program Files\Steam
2008-03-01 21:47 --------- d-----w C:\Program Files\Viewpoint
2008-03-01 20:44 --------- d-----w C:\Program Files\QuickTime
2008-03-01 20:44 --------- d-----w C:\Program Files\Linksys EasyLink Advisor
2008-03-01 20:44 --------- d-----w C:\Program Files\dvd43
2008-03-01 20:44 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-01 20:15 --------- d-----w C:\Program Files\SymNetDrv
2008-03-01 20:04 --------- d-s---w C:\Program Files\Xfire
2008-02-29 21:31 --------- d-----w C:\Program Files\BitLord
2008-02-29 12:49 6,784 ----a-w C:\Documents and Settings\All Users\Application Data\ypinfo.bin
2008-02-29 00:20 --------- d-----w C:\Program Files\AIM6
2008-02-27 00:18 371,200 ----a-w C:\WINDOWS\mrofinu1188.exe.tmp
2008-02-25 23:25 --------- d-----w C:\Documents and Settings\Tommy\Application Data\Xfire
2008-02-24 20:35 --------- d-----w C:\Program Files\LucasArts
2008-02-24 20:14 --------- d-----w C:\Program Files\Electronic Arts
2008-02-24 20:08 --------- d-----w C:\Program Files\WildTangent
2008-02-24 20:06 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-10 16:58 --------- d-----w C:\Documents and Settings\Tommy\Application Data\Apple Computer
2008-02-08 22:16 --------- d-----w C:\Program Files\iPod
2008-02-01 01:06 --------- d-----w C:\Program Files\Google
2008-01-30 22:28 --------- d-----w C:\Program Files\BitComet
2008-01-30 06:58 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Symantec
2008-01-29 03:43 --------- d-----w C:\Documents and Settings\Mark\Application Data\Symantec
2008-01-29 03:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-24 22:43 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-24 21:45 --------- d-----w C:\Documents and Settings\Tami\Application Data\LimeWire
2008-01-24 21:11 --------- d-----w C:\Documents and Settings\Tommy\Application Data\LimeWire
2008-01-24 21:11 --------- d-----w C:\Documents and Settings\Tommy\Application Data\FrostWire
2008-01-15 22:15 --------- d--h--w C:\Documents and Settings\Mark\Application Data\Gtek
2008-01-15 07:39 30,464 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-01-02 14:42 --------- d--h--w C:\Documents and Settings\Alyssa\Application Data\Gtek
2008-01-02 01:20 --------- d-----w C:\Program Files\GoldWave
2007-11-07 00:37 52,920 -c--a-w C:\Documents and Settings\Tommy\Application Data\GDIPFONTCACHEV1.DAT
2007-10-04 23:54 22,328 -c--a-w C:\Documents and Settings\Tommy\Application Data\PnkBstrK.sys
2007-10-01 19:38 52,920 -c--a-w C:\Documents and Settings\Tami\Application Data\GDIPFONTCACHEV1.DAT
2007-09-21 02:18 52,920 -c--a-w C:\Documents and Settings\Alyssa\Application Data\GDIPFONTCACHEV1.DAT
2006-08-09 23:23 52,136 -c--a-w C:\Documents and Settings\Mark\Application Data\GDIPFONTCACHEV1.DAT
.
[code]


----a-w 225,280 2008-03-02 16:11:49 C:\Documents and Settings\Tommy\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe
----a-w 225,280 2008-03-02 16:11:37 C:\Documents and Settings\Tommy\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe
----a-w 225,280 2008-03-02 16:12:34 C:\Documents and Settings\Tommy\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe
----a-w 253,952 2008-03-01 19:57:54 C:\hp\drivers\hplsbwatcher\lsburnwatcher .exe
----a-w 313,472 2008-03-02 15:33:09 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
----a-w 50,528 2008-02-29 00:21:11 C:\Program Files\AIM6\aim6 .exe
----a-w 77,824 2008-03-01 19:58:12 C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt .exe
----a-w 339,968 2008-03-01 19:57:51 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w 90,112 2008-03-01 19:58:23 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart .exe
----a-w 368,706 2008-03-01 19:58:01 C:\Program Files\BroadJump\Client Foundation\CFD .exe
----a-w 153,136 2008-03-01 19:58:17 C:\Program Files\Common Files\Nero\Lib\NeroCheck .exe
----a-w 202,024 2008-03-01 19:59:03 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor .exe
----a-w 180,269 2008-03-01 19:58:41 C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w 58,992 2008-03-01 19:57:57 C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w 694,272 2008-03-01 19:58:16 C:\Program Files\dvd43\dvd43_tray .exe
----a-w 68,856 2008-01-31 23:20:43 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w 580,096 2008-01-29 03:35:26 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe
----a-w 580,096 2008-01-24 21:04:11 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe
----a-w 580,096 2008-01-24 14:51:15 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe
----a-w 580,096 2008-01-23 21:40:56 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe
----a-w 245,760 2008-02-24 20:15:31 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe
----a-w 1,103,480 2008-03-01 19:58:52 C:\Program Files\IGN\Download Manager\DLM .exe
----a-w 267,048 2008-03-02 15:33:06 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 132,496 2008-03-01 19:58:05 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 454,784 2008-03-01 19:59:07 C:\Program Files\Linksys EasyLink Advisor\LinksysAgent .exe
----a-w 1,694,208 2008-01-23 21:42:12 C:\Program Files\Messenger\msmsgs .exe
----a-w 1,836,328 2008-03-01 19:58:26 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan .exe
----a-w 286,720 2008-02-01 16:26:57 C:\Program Files\QuickTime\qttask .exe
----a-w 647,168 2008-01-31 23:20:09 C:\Program Files\QuickTime\qttask .exe
----a-w 647,168 2008-01-31 01:51:11 C:\Program Files\QuickTime\qttask .exe
----a-w 647,168 2008-01-30 20:59:44 C:\Program Files\QuickTime\qttask .exe
----a-w 647,168 2008-01-30 20:47:38 C:\Program Files\QuickTime\qttask .exe
----a-w 647,168 2008-01-30 01:31:29 C:\Program Files\QuickTime\qttask .exe
----a-w 647,168 2008-01-29 22:00:46 C:\Program Files\QuickTime\qttask .exe
----a-w 647,168 2008-01-29 21:52:48 C:\Program Files\QuickTime\qttask .exe
----a-w 647,168 2008-01-29 20:26:33 C:\Program Files\QuickTime\qttask .exe
----a-w 647,168 2008-01-29 20:19:24 C:\Program Files\QuickTime\qttask .exe
----a-w 647,168 2008-01-29 15:38:15 C:\Program Files\QuickTime\qttask .exe
----a-w 647,168 2008-01-29 15:11:56 C:\Program Files\QuickTime\qttask .exe
----a-w 647,168 2008-01-29 11:56:06 C:\Program Files\QuickTime\qttask .exe
----a-w 647,168 2008-01-29 03:35:49 C:\Program Files\QuickTime\qttask .exe
----a-w 647,168 2008-01-29 02:57:22 C:\Program Files\QuickTime\qttask .exe
----a-w 647,168 2008-01-24 21:38:21 C:\Program Files\QuickTime\qttask .exe
----a-w 647,168 2008-01-24 21:04:41 C:\Program Files\QuickTime\qttask .exe
----a-w 647,168 2008-01-24 14:51:44 C:\Program Files\QuickTime\qttask .exe
----a-w 745,472 2008-03-01 19:56:08 C:\Program Files\QuickTime\qttask .exe
----a-w 745,472 2008-02-29 00:20:50 C:\Program Files\QuickTime\qttask .exe
----a-w 745,472 2008-02-27 22:03:57 C:\Program Files\QuickTime\qttask .exe
----a-w 745,472 2008-02-27 00:18:30 C:\Program Files\QuickTime\qttask .exe
----a-w 745,472 2008-02-26 19:42:38 C:\Program Files\QuickTime\qttask .exe
----a-w 745,472 2008-02-26 14:28:15 C:\Program Files\QuickTime\qttask .exe
----a-w 745,472 2008-02-25 23:16:11 C:\Program Files\QuickTime\qttask .exe
----a-w 745,472 2008-02-24 23:10:44 C:\Program Files\QuickTime\qttask .exe
----a-w 380,928 2008-03-01 19:58:02 C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB .exe
----a-w 2,957,824 2008-03-02 15:33:08 C:\Program Files\Spyware Terminator\SpywareTerminatorShield .exe
----a-w 1,266,936 2008-03-01 19:59:05 C:\Program Files\Steam\steam .exe
----a-w 100,056 2008-03-01 19:57:58 C:\Program Files\SymNetDrv\SNDMon .exe
----a-w 3,552,256 2008-02-24 23:11:05 C:\Program Files\Webroot\Spy Sweeper\SpySweeper .exe
----a-w 3,916,800 2008-02-24 23:09:52 C:\Program Files\Webroot\Spy Sweeper\SpySweeper .exe
----a-w 3,916,800 2008-02-05 21:59:53 C:\Program Files\Webroot\Spy Sweeper\SpySweeper .exe
----a-w 3,916,800 2008-01-29 03:35:20 C:\Program Files\Webroot\Spy Sweeper\SpySweeper .exe
----a-w 3,916,800 2008-01-29 02:57:11 C:\Program Files\Webroot\Spy Sweeper\SpySweeper .exe
----a-w 267,216 2008-01-24 21:38:08 C:\Program Files\WildTangent\Apps\GameChannel .exe
----a-w 129,536 2008-03-01 19:58:08 C:\Program Files\Yahoo!\browser\ybrwicon .exe
----a-w 2,502,656 2008-02-01 16:27:26 C:\Program Files\Yahoo!\Messenger\ypager .exe
----a-w 352,256 2008-03-01 19:55:56 C:\Program Files\Yahoo!\Parental Controls\ypc .exe
----a-w 64,512 2008-02-27 00:18:20 C:\WINDOWS\ehome\ehtray .exe
----a-w 290,819 2008-01-24 14:52:44 C:\WINDOWS\Fonts\svchost .exe
----a-w 15,360 2008-03-01 22:58:17 C:\WINDOWS\system32\ctfmon .exe
----a-w 659,456 2008-03-01 19:58:11 C:\WINDOWS\system32\hphmon06 .exe
[/code]


-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 23:00 15360]
"Aim6"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 12:56 64512]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe" [ ]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-02 11:10 2957824]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]

C:\Documents and Settings\Tami\Start Menu\Programs\Startup\
MEMonitor.lnk - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe [2007-10-10 18:29:48 947544]

C:\Documents and Settings\Tommy\Start Menu\Programs\Startup\
PowerReg Scheduler V3 .exe [2008-03-02 11:11:49 225280]
PowerReg Scheduler V3 .exe [2008-03-02 11:11:37 225280]
PowerReg Scheduler V3 .exe [2008-03-02 11:12:34 225280]
PowerReg Scheduler V3.exe [2008-03-02 08:59:56 560640]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2008-02-20 20:57:28 2945872]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
AT&T Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe [2005-10-04 20:18:14 217088]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 21:28:24 258048]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
SpySubtract.lnk - C:\Program Files\InterMute\SpySubtract\sslaunch.exe [2005-05-26 05:39:33 73728]
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [2005-05-26 05:40:27 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kvaxwakd]
kvaxwakd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\yserver.exe"= C:\\Program Files\\Yahoo!\\Messenger\\yserver.exe
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Steam\\SteamApps\\xxtsxx\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\xxtsxx\\source dedicated server\\srcds.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"C:\\Program Files\\Steam\\SteamApps\\xxtsxx\\source sdk base\\hl2.exe"=
"C:\\Program Files\\Steam\\SteamApps\\xxtsxx\\day of defeat source\\hl2.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Steam\\SteamApps\\xxtsxx\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"C:\\Program Files\\LucasArts\\Star Wars Republic Commando\\GameData\\System\\SWRepublicCommando.exe"=
"C:\\Program Files\\LucasArts\\Star Wars JK II Jedi Outcast\\GameData\\jk2mp.exe"=
"C:\\Program Files\\LucasArts\\Star Wars Battlefront\\GameData\\battlefront.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\AIM6\\aim6 .exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17732:TCP"= 17732:TCP:BitComet 17732 TCP
"17732:UDP"= 17732:UDP:BitComet 17732 UDP

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-01 16:10]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
R3 amdtools;AMD Special Tools Driver;C:\WINDOWS\system32\DRIVERS\AmdTools.sys [2006-06-07 13:15]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f23e6ae-2b69-11dc-b2f3-0013d320ddc4}]
\Shell\AutoRun\command - M:\system\viewer\FlipVideoforPC.exe
\Shell\Flip Video for PC\command - M:\system\viewer\FlipVideoforPC.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9fa419fd-b8d0-11dc-b33d-0013d320ddc4}]
\Shell\AutoRun\command - L:\system\viewer\FlipVideoforPC.exe
\Shell\Flip Video for PC\command - L:\system\viewer\FlipVideoforPC.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-28 14:45:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-10-16 23:50:00 C:\WINDOWS\Tasks\Easy Internet Sign-up.job"
- C:\Program Files\Easy Internet signup\HPSdpApp.exe
"2008-03-01 01:01:29 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - HP_Administrator.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:
"2007-06-17 12:49:02 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Tommy.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 11:52:25
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2008-03-02 12:00:35 - machine was rebooted [Tommy]
ComboFix-quarantined-files.txt 2008-03-02 17:00:31
.
2008-02-13 08:17:40 --- E O F ---



Response Number 3
Name: jabuck
Date: March 2, 2008 at 17:23:24 Pacific
Reply:

Sorry for the delay.

Run Hijack This, close all windows and browsers except Hijack This, place a check to the left of the following items and press "fix checked".

F3 - REG:win.ini: load=C:\WINDOWS\system32\mljgf.exe

Exit Hijack This.

Open Notepad and copy/paste everything between the X's into it and make sure "File::" is at the very top of the page.
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
RenV::
----a-w 225,280 2008-03-02 16:11:49 C:\Documents and Settings\Tommy\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe
----a-w 225,280 2008-03-02 16:11:37 C:\Documents and Settings\Tommy\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe
----a-w 225,280 2008-03-02 16:12:34 C:\Documents and Settings\Tommy\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe
----a-w 253,952 2008-03-01 19:57:54 C:\hp\drivers\hplsbwatcher\lsburnwatcher .exe
----a-w 313,472 2008-03-02 15:33:09 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager .exe
----a-w 50,528 2008-02-29 00:21:11 C:\Program Files\AIM6\aim6 .exe
----a-w 77,824 2008-03-01 19:58:12 C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt .exe
----a-w 339,968 2008-03-01 19:57:51 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w 90,112 2008-03-01 19:58:23 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart .exe
----a-w 368,706 2008-03-01 19:58:01 C:\Program Files\BroadJump\Client Foundation\CFD .exe
----a-w 153,136 2008-03-01 19:58:17 C:\Program Files\Common Files\Nero\Lib\NeroCheck .exe
----a-w 202,024 2008-03-01 19:59:03 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor .exe
----a-w 180,269 2008-03-01 19:58:41 C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w 58,992 2008-03-01 19:57:57 C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w 694,272 2008-03-01 19:58:16 C:\Program Files\dvd43\dvd43_tray .exe
----a-w 68,856 2008-01-31 23:20:43 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w 580,096 2008-01-29 03:35:26 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe
----a-w 580,096 2008-01-24 21:04:11 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe
----a-w 580,096 2008-01-24 14:51:15 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe
----a-w 580,096 2008-01-23 21:40:56 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe
----a-w 245,760 2008-02-24 20:15:31 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe
----a-w 1,103,480 2008-03-01 19:58:52 C:\Program Files\IGN\Download Manager\DLM .exe
----a-w 267,048 2008-03-02 15:33:06 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 132,496 2008-03-01 19:58:05 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 454,784 2008-03-01 19:59:07 C:\Program Files\Linksys EasyLink Advisor\LinksysAgent .exe
----a-w 1,694,208 2008-01-23 21:42:12 C:\Program Files\Messenger\msmsgs .exe
----a-w 1,836,328 2008-03-01 19:58:26 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan .exe
----a-w 286,720 2008-02-01 16:26:57 C:\Program Files\QuickTime\qttask .exe
----a-w 647,168 2008-01-31 23:20:09 C:\Program Files\QuickTime\qttask .exe
----a-w 647,168 2008-01-31 01:51:11 C:\Program Files\QuickTime\qttask .exe
----a-w 647,168 2008-01-30 20:59:44 C:\Program Files\QuickTime\qttask .exe
----a-w 647,168 2008-01-30 20:47:38 C:\Program Files\QuickTime\qttask .exe
----a-w 647,168 2008-01-30 01:31:29 C:\Program Files\QuickTime\qttask .exe
----a-w 647,168 2008-01-29 22:00:46 C:\Program Files\QuickTime\qttask .exe
----a-w 647,168 2008-01-29 21:52:48 C:\Program Files\QuickTime\qttask .exe
----a-w 647,168 2008-01-29 20:26:33 C:\Program Files\QuickTime\qttask .exe
----a-w 647,168 2008-01-29 20:19:24 C:\Program Files\QuickTime\qttask .exe
----a-w 647,168 2008-01-29 15:38:15 C:\Program Files\QuickTime\qttask .exe
----a-w 647,168 2008-01-29 15:11:56 C:\Program Files\QuickTime\qttask .exe
----a-w 647,168 2008-01-29 11:56:06 C:\Program Files\QuickTime\qttask .exe
----a-w 647,168 2008-01-29 03:35:49 C:\Program Files\QuickTime\qttask .exe
----a-w 647,168 2008-01-29 02:57:22 C:\Program Files\QuickTime\qttask .exe
----a-w 647,168 2008-01-24 21:38:21 C:\Program Files\QuickTime\qttask .exe
----a-w 647,168 2008-01-24 21:04:41 C:\Program Files\QuickTime\qttask .exe
----a-w 647,168 2008-01-24 14:51:44 C:\Program Files\QuickTime\qttask .exe
----a-w 745,472 2008-03-01 19:56:08 C:\Program Files\QuickTime\qttask .exe
----a-w 745,472 2008-02-29 00:20:50 C:\Program Files\QuickTime\qttask .exe
----a-w 745,472 2008-02-27 22:03:57 C:\Program Files\QuickTime\qttask .exe
----a-w 745,472 2008-02-27 00:18:30 C:\Program Files\QuickTime\qttask .exe
----a-w 745,472 2008-02-26 19:42:38 C:\Program Files\QuickTime\qttask .exe
----a-w 745,472 2008-02-26 14:28:15 C:\Program Files\QuickTime\qttask .exe
----a-w 745,472 2008-02-25 23:16:11 C:\Program Files\QuickTime\qttask .exe
----a-w 745,472 2008-02-24 23:10:44 C:\Program Files\QuickTime\qttask .exe
----a-w 380,928 2008-03-01 19:58:02 C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB .exe
----a-w 2,957,824 2008-03-02 15:33:08 C:\Program Files\Spyware Terminator\SpywareTerminatorShield .exe
----a-w 1,266,936 2008-03-01 19:59:05 C:\Program Files\Steam\steam .exe
----a-w 100,056 2008-03-01 19:57:58 C:\Program Files\SymNetDrv\SNDMon .exe
----a-w 3,552,256 2008-02-24 23:11:05 C:\Program Files\Webroot\Spy Sweeper\SpySweeper .exe
----a-w 3,916,800 2008-02-24 23:09:52 C:\Program Files\Webroot\Spy Sweeper\SpySweeper .exe
----a-w 3,916,800 2008-02-05 21:59:53 C:\Program Files\Webroot\Spy Sweeper\SpySweeper .exe
----a-w 3,916,800 2008-01-29 03:35:20 C:\Program Files\Webroot\Spy Sweeper\SpySweeper .exe
----a-w 3,916,800 2008-01-29 02:57:11 C:\Program Files\Webroot\Spy Sweeper\SpySweeper .exe
----a-w 267,216 2008-01-24 21:38:08 C:\Program Files\WildTangent\Apps\GameChannel .exe
----a-w 129,536 2008-03-01 19:58:08 C:\Program Files\Yahoo!\browser\ybrwicon .exe
----a-w 2,502,656 2008-02-01 16:27:26 C:\Program Files\Yahoo!\Messenger\ypager .exe
----a-w 352,256 2008-03-01 19:55:56 C:\Program Files\Yahoo!\Parental Controls\ypc .exe
----a-w 64,512 2008-02-27 00:18:20 C:\WINDOWS\ehome\ehtray .exe
----a-w 290,819 2008-01-24 14:52:44 C:\WINDOWS\Fonts\svchost .exe
----a-w 15,360 2008-03-01 22:58:17 C:\WINDOWS\system32\ctfmon .exe
----a-w 659,456 2008-03-01 19:58:11 C:\WINDOWS\system32\hphmon06 .exe
File::
C:\WINDOWS\system32\cediuwji.dll
C:\WINDOWS\system32\OLD17E.tmp
C:\WINDOWS\system32\etqttywe.ini
C:\WINDOWS\system32\RCX15B.tmp
C:\WINDOWS\system32\mshbceap.ini
C:\WINDOWS\BM4a8f37db.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\wdjprihc.dll
C:\WINDOWS\system32\ytnvsvts.ini
C:\WINDOWS\system32\drnveruk.dll
C:\WINDOWS\system32\wpdcahgq.ini
C:\WINDOWS\system32\asepldqs.ini
C:\WINDOWS\system32\gkpjtreq.dll
C:\WINDOWS\system32\qqhgdtut.ini
C:\WINDOWS\system32\jgsykffo.ini
C:\WINDOWS\system32\afvayljx.dll
C:\WINDOWS\system32\lpmymyhc.ini
C:\WINDOWS\system32\lwlydxvw.ini
C:\WINDOWS\system32\vnbyotye.ini
C:\WINDOWS\system32\byqdxdyt.dll
C:\WINDOWS\system32\tnlbkfqt.dll
C:\WINDOWS\system32\xfcodec.dll
C:\WINDOWS\system32\pdhpewiq.ini
C:\WINDOWS\system32\ehyugxjj.dll
C:\WINDOWS\system32\nbmegygd.ini
C:\WINDOWS\system32\iwtpaarw.dll
C:\WINDOWS\system32\anvvytdf.ini
C:\WINDOWS\system32\qimdwvnx.dll
C:\WINDOWS\system32\fprlgdqy.ini
C:\WINDOWS\system32\gpppylgk.dll
C:\WINDOWS\system32\kglypppg.ini
C:\WINDOWS\system32\daveeksg.dll
C:\WINDOWS\system32\dashgbki.ini
C:\WINDOWS\system32\pbqrljxg.dll
C:\WINDOWS\system32\lvtchwwr.dll
C:\WINDOWS\system32\jqifvchb.dll
C:\WINDOWS\mrofinu1188.exe.tmp
C:\Documents and Settings\Tommy\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe
C:\WINDOWS\system32\kvaxwakd.dll
C:\WINDOWS\system32\mljgf.exe

Driver::
kvaxwakd

Folder::
C:\VundoFix Backups

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kvaxwakd]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Go to File on the top bar and choose "Save As", change the "Save As Type" to All Files, name it CFScript.txt, then save it to your desktop.
Then drag/drop the CFScript.txt onto ComboFix.exe (the red X on your desktop). If ComboFix does not auto start, click "run".

Post a new Combofix log.


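An added example, not part of jabuck's post and not ComboFix code: a small triage pass over constructed lines in the ComboFix log layout shown in this thread. It flags three patterns visible in the entries the CFScript above targets: executables with a space before `.exe`, hidden+system `.ini` files in system32 (noting when the name is a `.dll` name reversed, as with gpppylgk.dll / kglypppg.ini in the log), and Winlogon Notify keys. The rule names, regexes and function names are assumptions made for illustration.

```python
import re
from collections import namedtuple

# Constructed sample: a few entries copied from the log in this thread,
# not a complete ComboFix log.
SAMPLE_LOG = r"""
2008-03-01 16:10 . 2008-03-01 16:10 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-02-20 20:57 . 2008-02-20 20:57 54,608 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-02-05 15:16 . 2008-02-05 15:16 90,688 --a------ C:\WINDOWS\system32\gpppylgk.dll
2008-02-05 15:16 . 2008-02-07 15:17 294 ---hs---- C:\WINDOWS\system32\kglypppg.ini
2008-02-27 13:12 . 2008-02-29 21:23 1,314 ---hs---- C:\WINDOWS\system32\etqttywe.ini
----a-w 50,528 2008-02-29 00:21:11 C:\Program Files\AIM6\aim6 .exe
----a-w 290,819 2008-01-24 14:52:44 C:\WINDOWS\Fonts\svchost .exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\kvaxwakd]
kvaxwakd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"""

Finding = namedtuple("Finding", "rule detail")

# "Files Created" layout: created . modified  size  attributes  path
CREATED = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+"
    r"(?P<size>[\d,]+|<DIR>)\s+(?P<attr>\S+)\s+(?P<path>[A-Za-z]:\\.+)$")
# Layout of the [code] block: attributes  size  timestamp  path
RENV = re.compile(
    r"^(?P<attr>[-a-z]{7})\s+(?P<size>[\d,]+)\s+"
    r"\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+(?P<path>[A-Za-z]:\\.+)$")
# Registry section header for a Winlogon Notify subkey
NOTIFY = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion"
    r"\\winlogon\\notify\\(?P<name>[^\]\\]+)\]$", re.IGNORECASE)


def _split(path):
    """Return (directory, stem, extension) of a Windows path, lower-cased."""
    directory, _, name = path.lower().rpartition("\\")
    stem, dot, ext = name.rpartition(".")
    return (directory, stem, ext) if dot else (directory, name, "")


def triage(log_text):
    """Return a list of Finding tuples for entries worth a closer look."""
    files, findings = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = CREATED.match(line) or RENV.match(line)
        if m:
            if not m.group("attr").startswith("d"):   # skip directories
                files.append((m.group("path"), m.group("attr")))
            continue
        m = NOTIFY.match(line)
        if m:
            # The log only lists non-default Notify keys, so report each one.
            findings.append(Finding("winlogon-notify", m.group("name")))

    # Names of DLLs seen directly in system32, used for the reversed-name check.
    sys32_dlls = set()
    for path, _ in files:
        directory, stem, ext = _split(path)
        if ext == "dll" and directory.endswith("\\system32"):
            sys32_dlls.add(stem)

    for path, attr in files:
        directory, stem, ext = _split(path)
        if ext == "exe" and stem != stem.rstrip():
            # "name .exe": a copy with a space before the extension
            findings.append(Finding("padded-exe", path))
        elif (ext == "ini" and directory.endswith("\\system32")
              and "h" in attr and "s" in attr):
            if stem[::-1] in sys32_dlls:
                findings.append(Finding("reversed-pair", path))
            else:
                findings.append(Finding("hidden-system-ini", path))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.rule:18} {finding.detail}")
```

A hit is a prompt to review the entry by hand, not a verdict; the script does not cover every file the CFScript lists.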

Response Number 4
Name: jabuck
Date: March 2, 2008 at 17:30:20 Pacific
Reply:

Please go to Virus Total and upload the following files for analysis:


C:\WINDOWS\system32\CF25816.exe
C:\WINDOWS\system32\drivers\usbaapl.sys

Use the browse button at the site to find the file. Once you find the file, double click it and it should appear in the empty space to the left of the browse button > click "send file".

Post the results in your reply.



Response Number 5
Name: xxtsxx
Date: March 3, 2008 at 12:58:46 Pacific
Reply:

I don't know if I did it right because the first file doesn't exist??? But here's the log for the second.

File usbaapl.sys received on 03.03.2008 21:47:59 (CET)


Result: 0/32 (0%)
Antivirus Version Last Update Result
AhnLab-V3 2008.3.4.0 2008.03.03 -
AntiVir 7.6.0.73 2008.03.03 -
Authentium 4.93.8 2008.03.02 -
Avast 4.7.1098.0 2008.03.02 -
AVG 7.5.0.516 2008.03.03 -
BitDefender 7.2 2008.03.03 -
CAT-QuickHeal 9.50 2008.03.03 -
ClamAV 0.92.1 2008.03.03 -
DrWeb 4.44.0.09170 2008.03.03 -
eSafe 7.0.15.0 2008.02.28 -
eTrust-Vet 31.3.5582 2008.03.03 -
Ewido 4.0 2008.03.03 -
FileAdvisor 1 2008.03.03 -
Fortinet 3.14.0.0 2008.03.03 -
F-Prot 4.4.2.54 2008.03.02 -
F-Secure 6.70.13260.0 2008.03.03 -
Ikarus T3.1.1.20 2008.03.03 -
Kaspersky 7.0.0.125 2008.03.03 -
McAfee 5243 2008.03.03 -
Microsoft 1.3301 2008.03.03 -
NOD32v2 2918 2008.03.03 -
Norman 5.80.02 2008.03.03 -
Panda 9.0.0.4 2008.03.03 -
Prevx1 V2 2008.03.03 -
Rising 20.34.02.00 2008.03.03 -
Sophos 4.27.0 2008.03.03 -
Sunbelt 3.0.906.0 2008.02.28 -
Symantec 10 2008.03.03 -
TheHacker 6.2.92.231 2008.03.02 -
VBA32 3.12.6.2 2008.02.27 -
VirusBuster 4.3.26:9 2008.03.03 -
Webwasher-Gateway 6.6.2 2008.03.03 -
Additional information
File size: 30464 bytes
MD5: f340199e8cb097e1acd58a967c665919
SHA1: bf03375a2065284a8a2b67d2716fb51221f19cb3
PEiD: -



Response Number 6
Name: jabuck
Date: March 3, 2008 at 14:12:04 Pacific
Reply:

Set up the computer to view hidden files:
To show hidden files do the following:
Click Start > My Computer
On the Tools menu, click Folder Options.
Click the View tab.
Uncheck Hide file extensions for known file types.
Uncheck Hide protected operating system files.
Under the Hidden files folder, locate and check Show hidden files and folders.
If you see a warning message, click Yes.
Click Apply > OK.

Now look again for the file:

C:\WINDOWS\system32\CF25816.exe

Then upload it to VirusTotal.

Looks as though you ran the file through VirusTotal correctly.



Response Number 7
Name: xxtsxx
Date: March 3, 2008 at 14:22:04 Pacific
Reply:

It still says the file doesn't exist even though I unhid the files.



Response Number 8
Name: jabuck
Date: March 3, 2008 at 15:41:41 Pacific
Reply:

Ok.

Empty the restore folder. Go to Start > Control Panel > System > System Restore tab > check the box beside "Turn off System Restore" > Apply (takes a minute) > OK. Go back and uncheck the box to turn System Restore back on > Apply > OK.

Download CCleaner from the following link:

http://filehippo.com/download_ccleaner/

After you download it to your desktop and begin installing it, only allow the "install icon on desktop" option to install. Then run it and use it only as suggested. It's powerful, so use only the prechecked items.

Run an online scan with Kaspersky from the following link:
Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
Once the files are downloaded click on Next
Click on Scan Settings and configure as follows:
Scan using the following Anti-Virus database:
Extended
Scan Options:
Scan Archives
Scan Mail Base
Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.

Post a new Combofix log and a new HijackThis log.

Go back and hide your hidden files.
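
The report requested in the steps above mixes "Object is locked" noise with real detections, and many detections point at files already in quarantine. The following is an added example, not part of the original thread or of any tool named in it: a small Python triage script for that report layout. The sample lines and detection names are constructed, and the quarantine and Startup-folder path checks are assumptions based on the path styles seen in such reports.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of a Kaspersky Online Scanner text report
# (paths and detection names are invented for illustration).
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\user1\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\user1\Local Settings\Temp\RCX1.tmp Infected: Virus.Win32.Example.a skipped
C:\Documents and Settings\user1\Shared\tool.zip/Setup.exe Infected: P2P-Worm.Win32.Example.b skipped
C:\Documents and Settings\user1\Shared\tool.zip ZIP: infected - 1 skipped
C:\Program Files\App\app.exe Infected: Virus.Win32.Example.a skipped
C:\Program Files\App\app .exe Infected: Virus.Win32.Example.a skipped
C:\Program Files\App\app .exe Infected: Virus.Win32.Example.a skipped
C:\QooBox\Quarantine\C\Program Files\App\app.exe.vir Infected: Virus.Win32.Example.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\0A1B2C3D.exe Infected: not-a-virus:AdWare.Win32.Example skipped
C:\Documents and Settings\user1\Start Menu\Programs\Startup\sched.exe Infected: Virus.Win32.Example.a skipped
"""

# Paths may contain spaces, so each pattern anchors on the fixed status text.
INFECTED = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<action>\S+)$")
ARCHIVE = re.compile(r"^(?P<path>.+) (?P<kind>[A-Za-z]+): infected - (?P<count>\d+) (?P<action>\S+)$")
LOCKED = re.compile(r"^(?P<path>.+) Object is locked (?P<action>\S+)$")


def parse_report(text):
    """Split a report into detections, archive summaries and locked-file noise."""
    locked, detections, archives, unparsed = 0, [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Infected Object Name"):
            continue
        m = INFECTED.match(line)
        if m:
            path = m["path"]
            lower = path.lower()
            detections.append({
                "path": path,
                "name": m["name"],
                "action": m["action"],
                # Assumption: any "\Quarantine\" directory holds neutralised copies.
                "quarantined": "\\quarantine\\" in lower,
                # The report separates an archive from its member with "/".
                "archive_member": "/" in path,
                "riskware": m["name"].startswith("not-a-virus:"),
                # Assumption: the XP per-user Startup folder marks a run-at-logon file.
                "autostart": "\\start menu\\programs\\startup\\" in lower,
            })
            continue
        m = ARCHIVE.match(line)
        if m:
            archives.append((m["path"], m["kind"], int(m["count"])))
            continue
        if LOCKED.match(line):
            locked += 1  # file in use by the OS or another program, not a detection
            continue
        unparsed.append(line)  # keep anything unexpected for manual review
    return {"locked": locked, "detections": detections,
            "archives": archives, "unparsed": unparsed}


def summarize(detections):
    """Per detection name: report lines, unique live paths, unique quarantined paths."""
    families = defaultdict(lambda: {"lines": 0, "live": set(), "quarantined": set()})
    for d in detections:
        fam = families[d["name"]]
        fam["lines"] += 1
        fam["quarantined" if d["quarantined"] else "live"].add(d["path"])
    return dict(families)


def live_findings(detections):
    """Unique detections outside quarantine: autostart entries first, riskware last."""
    seen, out = set(), []
    for d in detections:
        key = (d["path"], d["name"])
        if d["quarantined"] or key in seen:
            continue
        seen.add(key)
        out.append(d)
    out.sort(key=lambda d: (not d["autostart"], d["riskware"], d["path"].lower()))
    return out


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    print(f"locked (ignored): {report['locked']}, unparsed: {len(report['unparsed'])}")
    for name, fam in sorted(summarize(report["detections"]).items()):
        print(f"{name}: {len(fam['live'])} live, {len(fam['quarantined'])} quarantined")
    for d in live_findings(report["detections"]):
        tag = "AUTOSTART " if d["autostart"] else ""
        print(f"  {tag}{d['name']}  {d['path']}")
```

Detections under a quarantine directory are copies an earlier tool already moved aside, so the live list is the part of the report that still needs action.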



Response Number 9
Name: xxtsxx
Date: March 7, 2008 at 12:40:50 Pacific
Reply:

---------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, March 06, 2008 5:28:22 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/03/2008
Kaspersky Anti-Virus database records: 599797
---------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 159532
Number of viruses found: 14
Number of infected objects: 220
Number of suspicious objects: 0
Duration of the scan process: 02:25:07

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0ec0410c25ad74a5dabfcb7fcf2e2755_9b982c15-3c72-41f6-a62c-7c0cb0312b5d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-03-02_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\Alyssa\Local Settings\Temp\hsperfdata_Alyssa\3468 Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Tami\Application Data\InterMute\SpySubtract\tmp\3 Object is locked skipped
C:\Documents and Settings\Tami\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Tami\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Tami\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Tami\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Tami\Local Settings\temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Tami\Local Settings\temp\JET9258.tmp Object is locked skipped
C:\Documents and Settings\Tami\Local Settings\temp\RCX11.tmp Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\Tami\Local Settings\temp\RCXE.tmp Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\Tami\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Tami\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Tami\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Tommy\Application Data\InterMute\SpySubtract\tmp\3 Object is locked skipped
C:\Documents and Settings\Tommy\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Tommy\LimeWire Saved\Half Life 2 (Standalone).zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\Documents and Settings\Tommy\LimeWire Saved\Half Life 2 (Standalone).zip ZIP: infected - 1 skipped
C:\Documents and Settings\Tommy\LimeWire Saved\Half life 2.zip/Setup.exe Infected: Backdoor.Win32.IRCBot.aro skipped
C:\Documents and Settings\Tommy\LimeWire Saved\Half life 2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Tommy\LimeWire Saved\Half life.zip/Setup.exe Infected: Backdoor.Win32.IRCBot.aro skipped
C:\Documents and Settings\Tommy\LimeWire Saved\Half life.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Tommy\Local Settings\Application Data\ApplicationHistory\ImageZoneSynchRulesAgent.exe.16741c67.ini.inuse Object is locked skipped
C:\Documents and Settings\Tommy\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Tommy\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Tommy\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Tommy\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\Tommy\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\Tommy\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\Tommy\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\Tommy\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\Tommy\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\Tommy\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\Tommy\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Tommy\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Tommy\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\Tommy\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\Tommy\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\Tommy\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Tommy\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Tommy\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Tommy\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Tommy\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\Tommy\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\Tommy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Tommy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Tommy\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Tommy\Local Settings\History\History.IE5\MSHist012008030520080306\index.dat Object is locked skipped
C:\Documents and Settings\Tommy\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Tommy\Local Settings\Temp\JET88FE.tmp Object is locked skipped
C:\Documents and Settings\Tommy\Local Settings\Temp\Perflib_Perfdata_5fc80.dat Object is locked skipped
C:\Documents and Settings\Tommy\Local Settings\Temp\RCX203.tmp Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\Tommy\Local Settings\Temp\RCXDA.tmp Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\Tommy\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Tommy\My Documents\My Music\iTunes\iTunes Library.itl Object is locked skipped
C:\Documents and Settings\Tommy\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Tommy\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Tommy\Shared\A-one DVD Ripper 4.32.zip/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\Documents and Settings\Tommy\Shared\A-one DVD Ripper 4.32.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Tommy\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\Tommy\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\Tommy\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\Tommy\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\Tommy\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\Tommy\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\Tommy\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\Tommy\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\Tommy\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe Infected: Virus.Win32.Trats.d skipped
C:\Documents and Settings\Tommy\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\AIM6\aim6.exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStop.log Object is locked skipped
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\iTunes\iTunesHelper.exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Nero\Nero8\Nero BackItUp\BIU1D.txt Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton AntiVirus\Quarantine\4D0D6433.dll Infected: not-a-virus:AdWare.Win32.NavExcel.f skipped
C:\Program Files\Norton AntiVirus\Quarantine\4D0D6433.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
C:\Program Files\Norton AntiVirus\Quarantine\4D110E30.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.f skipped
C:\Program Files\Norton AntiVirus\Quarantine\4D110E30.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
C:\Program Files\Norton AntiVirus\Quarantine\4D110E30.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\4D110E30.cab CAB: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\4D110E30.cab CryptFF: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\4D110E30.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\qttask .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\QuickTime\QTTask.exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\SBC Self Support Tool\log\mpbtn.log Object is locked skipped
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\chandir.dat Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\chandir.idx Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\chn.dat Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\chn.idx Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\inuse.txt Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\L0000017.FCS Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\main.log Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs.dat Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs.idx Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_die.dat Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_die.idx Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\storydb.dat Object is locked skipped
C:\Program Files\Updates from HP\309731\Users\Default\Data\storydb.idx Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\SpySweeper .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Webroot\Spy Sweeper\SpySweeper .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Webroot\Spy Sweeper\SpySweeper .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Webroot\Spy Sweeper\SpySweeper .exe Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Documents and Settings\Tommy\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Documents and Settings\Tommy\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Documents and Settings\Tommy\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Documents and Settings\Tommy\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Documents and Settings\Tommy\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Documents and Settings\Tommy\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Documents and Settings\Tommy\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Documents and Settings\Tommy\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Documents and Settings\Tommy\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Documents and Settings\Tommy\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Documents and Settings\Tommy\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Documents and Settings\Tommy\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Documents and Settings\Tommy\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Documents and Settings\Tommy\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Documents and Settings\Tommy\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Documents and Settings\Tommy\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Documents and Settings\Tommy\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Documents and Settings\Tommy\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Documents and Settings\Tommy\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Documents and Settings\Tommy\Start Menu\Programs\Startup\PowerReg Scheduler V3 .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\hp\drivers\hplsbwatcher\lsburnwatcher.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\BroadJump\Client Foundation\CFD.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Nero\Lib\NeroCheck.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Real\Update_OB\realsched.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Symantec Shared\ccApp.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\dvd43\dvd43_tray.exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp .exe.vir Infected: Virus.Win32.Trats.d skipped
C:\QooBox\Quarantine\C\Program Files\