Thread: Internet Explorer Pop-ups
View Single Post
Old 06-30-2007, 09:14 AM   #8 (permalink)
Disko_Stu
Registered User
 
Disko_Stu's Avatar
 
Join Date: May 2007
Location: Australia
Posts: 43
OS: Windows XP and Vista


Re: Internet Explorer Pop-ups
Hi sUBs, sorry to have taken so long to reply, combofix again took hours to run.

I successfully generated the .CAB file and uploaded it to the website given.

O4 - Startup: csrss.lnk = ? <-- this item was unable to be fixed with hijack this, it said to close the program with the task manager, when i did this the system was unable to close it because it is a critical system process.

I did as you requested as per combofix but after restarting it again never produced the log file. I let it run for about 3 hours yet no log file was produced. I have attached the (incomplete) log file that was generated inside the combofix directory.

Kaspersky ran completely and i have attached the log file created.

Should I try running DSS again as the system is a bit more stable at the moment?

Thanks sUBs

______________________________

HiJack This Log

Logfile of HijackThis v1.99.1
Scan saved at 01:11, on 2007-07-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ANYCOM\Blue USB-120-240\bin\btwdins.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\ComboFix\catchme.cfexe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ANYCOM\Blue USB-120-240\BTTray.exe
C:\Program Files\SpyCatcher\Protector.exe
C:\Program Files\SpyCatcher\Scheduler daemon.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher\SCActiveBlock.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DriveSMART] C:\PROGRA~1\COMPUA~1\smartapp.exe STARTUP
O4 - HKLM\..\Run: [F5D9050] C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ctqbgngx.exe] C:\Documents and Settings\All Users\Application Data\ctqbgngx.exe
O4 - HKLM\..\Run: [SpyCatcher Reminder] C:\Program Files\SpyCatcher\SpyCatcher.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: csrss.lnk = ?
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\ANYCOM\Blue USB-120-240\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-120-240\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-120-240\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/.../GAME_UNO1.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: secuload.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\ANYCOM\Blue USB-120-240\bin\btwdins.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe



________________________

Kaspersky Log

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2007-07-01 00:57
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 30/06/2007
Kaspersky Anti-Virus database records: 355843
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: false

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 232720
Number of viruses found: 74
Number of infected objects: 351 / 0
Number of suspicious objects: 3
Duration of the scan process: 01:26:49

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\drivers\etc\hosts.msn Infected: Trojan.Win32.Qhost skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\fppcbmfb.exe Infected: not-a-virus:AdWare.Win32.Sahat.au skipped
C:\WINDOWS\system32\63ffj9lp.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\USDR6_7777_BHLP0611NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.q skipped
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\WinAntiSpyware2007FreeInstall.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\wsem303.dll Infected: Trojan-Downloader.Win32.Dyfuca.dt skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\b129.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\WINDOWS\b129.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\WINDOWS\b129.exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\WINDOWS\b129.exe/stream/data0008 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\WINDOWS\b129.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\WINDOWS\b129.exe NSIS: infected - 5 skipped
C:\WINDOWS\b128.exe/stream/data0002/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\WINDOWS\b128.exe/stream/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\WINDOWS\b128.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\WINDOWS\b128.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\WINDOWS\b128.exe NSIS: infected - 4 skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08140000.VBN Infected: Trojan-Downloader.Win32.VB.ft skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08140001.VBN Infected: Trojan-Downloader.Win32.VB.ft skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04180000.VBN Infected: Trojan-Downloader.Win32.IstBar.lo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04180001.VBN Infected: Trojan-Downloader.Win32.IstBar.lo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04180002.VBN Infected: Trojan-Downloader.Win32.IstBar.ie skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04180003.VBN Infected: Trojan-Downloader.Win32.IstBar.ie skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05F80000.VBN Infected: Trojan-Downloader.Win32.IstBar.ij skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01B40000.VBN Infected: Trojan-Downloader.Win32.IstBar.ij skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01B40001.VBN Infected: Trojan-Downloader.Win32.IstBar.ij skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04FC0000.VBN Infected: Trojan-Downloader.Win32.IstBar.lq skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\12CC0000.VBN Infected: Backdoor.Win32.Virkel.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\13EC0000.VBN Infected: Backdoor.Win32.Virkel.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\11500000.VBN Infected: Backdoor.Win32.Virkel.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0C180000.VBN Infected: Backdoor.Win32.Virkel.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06A00000.VBN Infected: Backdoor.Win32.Virkel.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01EC0000.VBN Infected: Backdoor.Win32.Virkel.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E780000.VBN Infected: Backdoor.Win32.Virkel.b skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01480000.VBN Infected: Backdoor.Win32.Virkel.b skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08040000.VBN Infected: Trojan-Downloader.Win32.VB.ft skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08040001.VBN Infected: Trojan-Downloader.Win32.VB.ft skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BEC0000.VBN Infected: Trojan-Downloader.VBS.Small.co skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BEC0001.VBN Infected: Trojan-Downloader.VBS.Small.co skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E800000.VBN Infected: Backdoor.Win32.Virkel.b skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E800001.VBN Infected: Backdoor.Win32.Virkel.b skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D900000.VBN Infected: Trojan-Downloader.Win32.VB.fi skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A900000.VBN Infected: Trojan-Downloader.Win32.VB.fi skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0DFC0000.VBN Infected: Trojan-Downloader.Win32.VB.fi skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02540000.VBN Infected: Trojan-Downloader.Win32.VB.fi skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E240000.VBN Infected: Trojan-Downloader.Win32.VB.fi skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06900000.VBN Infected: Trojan-Downloader.Win32.VB.fi skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05E40000.VBN Infected: Trojan-Downloader.Win32.Agent.brf skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05EC0000.VBN Infected: Trojan-Downloader.Win32.Small.cwj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05E00000.VBN Infected: Trojan-Downloader.Win32.Small.cwj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05E00001.VBN Infected: Trojan-Clicker.Win32.Costrat.ax skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05F00000.VBN Infected: Trojan-Downloader.Win32.Small.cwj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05D00000.VBN Infected: Trojan-Downloader.Win32.Small.cwj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05E00002.VBN Infected: Trojan-Downloader.Win32.Small.cwj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05E40001.VBN Infected: Trojan-Downloader.Win32.Small.cwj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05E00003.VBN Infected: Trojan-Downloader.Win32.Small.cwj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05D00001.VBN Infected: Trojan-Downloader.Win32.Small.cwj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05E40002.VBN Infected: Trojan-Downloader.Win32.Small.cwj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05D00002.VBN Infected: Trojan-Downloader.Win32.Small.cwj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05CC0000.VBN Infected: Trojan.Win32.Agent.ama skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05D80000.VBN Infected: Trojan.Win32.Agent.ama skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05CC0001.VBN Infected: Trojan.Win32.Agent.ama skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05DC0000.VBN Infected: Trojan.Win32.Agent.ama skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05DC0001.VBN Infected: Trojan.Win32.Agent.ama skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05E80000.VBN Infected: Trojan.Win32.Agent.ama skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05E00004.VBN Infected: Trojan.Win32.Agent.ama skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05CC0002.VBN Infected: Trojan.Win32.Agent.ama skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05D40001.VBN Infected: Trojan.Win32.Agent.ama skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05E00005.VBN Infected: Trojan.Win32.Agent.ama skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05D40002.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09FC0000.VBN Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0A180000.VBN Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09480000.VBN Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09600000.VBN Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09440000.VBN Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09580000.VBN Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09540001.VBN Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03F80000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03F80001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03F80002.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03F80003.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03F80004.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03F80005.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03F80006.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03F80007.VBN Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03F80008.VBN Infected: Trojan.Win32.Dialer.qn skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03F80009.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03F8000A.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03F8000B.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03F8000C.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09500000.VBN Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09680000.VBN Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\095C0000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D940000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D940001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D940002.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\069C0000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\055C0000.VBN Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\017C0000.VBN Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06B00000.VBN Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\069C0001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01FC0001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01FC0002.VBN Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01FC0003.VBN Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02540001.VBN Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02280000.VBN Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\020C0000.VBN Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02780000.VBN Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02780001.VBN Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02080000.VBN Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07980000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07980001.VBN Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07980002.VBN Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\037C0000.VBN Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07900000.VBN Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07900001.VBN Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07940000.VBN Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\078C0000.VBN Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04080000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07940001.VBN Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06980000.VBN Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\064C0000.VBN Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06940000.VBN Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\068C0001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06480000.VBN Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08600000.VBN Infected: not-a-virus:FraudTool.Win32.UltimateDefender.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08480000.VBN Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\085C0000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\085C0001.VBN Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08640001.VBN Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08580000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08480001.VBN Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05100000.VBN Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05140000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05D40003.VBN Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06CC0000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06C80000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06C80001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06D00000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06D40000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05BC0000.VBN Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05BC0002.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05BC0004.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05BC0006.VBN Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05BC0008.VBN Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05BC0009.VBN Infected: Trojan.Win32.Agent.anr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05BC000A.VBN Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05BC000B.VBN Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\06C80002.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09600001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\09580001.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\078C0001.VBN Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\All Users\Application Data\Tenebril\GhostSurf\3.0\upd-fin.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temp\fnm310.tmp Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temp\fnm311.tmp Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temp\DL2Log4 Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temp\~DFA38A.tmp Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temp\fnm5F.tmp Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temp\fnm60.tmp Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Local Settings\History\History.IE5\MSHist012007063020070701\index.dat Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Local Settings\Temporary Internet Files\Content.IE5\0RMP6LQ5\tob_snd_20070616[1] Infected: Trojan.Win32.Agent.aoy skipped
C:\Documents and Settings\Jacqui Hampton\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_219.wmdb Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Local Settings\Application Data\Mozilla\Firefox\Profiles\ch5tntem.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Local Settings\Application Data\Mozilla\Firefox\Profiles\ch5tntem.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Local Settings\Application Data\Mozilla\Firefox\Profiles\ch5tntem.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Local Settings\Application Data\Mozilla\Firefox\Profiles\ch5tntem.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Desktop\requested-files[2007-06-30_19_59].cab/C:/WINDOWS/system32/ubtcpwlp.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\Documents and Settings\Jacqui Hampton\Desktop\requested-files[2007-06-30_19_59].cab/C:/WINDOWS/system32/ssqoonn.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\Documents and Settings\Jacqui Hampton\Desktop\requested-files[2007-06-30_19_59].cab/C:/WINDOWS/hfhjxefc.exe Infected: not-a-virus:AdWare.Win32.SurfAccuracy.q skipped
C:\Documents and Settings\Jacqui Hampton\Desktop\requested-files[2007-06-30_19_59].cab/C:/WINDOWS/nem220.dll Infected: Trojan-Downloader.Win32.Dyfuca.gen skipped
C:\Documents and Settings\Jacqui Hampton\Desktop\requested-files[2007-06-30_19_59].cab CAB: infected - 3, suspicious - 1 skipped
C:\Documents and Settings\Jacqui Hampton\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Application Data\Mozilla\Firefox\Profiles\ch5tntem.default\parent.lock Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Application Data\Mozilla\Firefox\Profiles\ch5tntem.default\cert8.db Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Application Data\Mozilla\Firefox\Profiles\ch5tntem.default\key3.db Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Application Data\Mozilla\Firefox\Profiles\ch5tntem.default\history.dat Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Application Data\Mozilla\Firefox\Profiles\ch5tntem.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Jacqui Hampton\Application Data\Mozilla\Firefox\Profiles\ch5tntem.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Program Files\Media Pass\MediaPassC.dll Infected: not-a-virus:AdWare.Win32.WinAD.af skipped
C:\Program Files\Media Pass\MediaPassK.exe~ Infected: not-a-virus:AdWare.Win32.WinAD.af skipped
C:\Program Files\Media Pass\MediaPass.exe Infected: not-a-virus:AdWare.Win32.WinAD.af skipped
C:\Program Files\Morpheus\morpheustoolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\Morpheus\mymorpheusToolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\SurfAccuracy\SAcc.exe Infected: not-a-virus:AdWare.Win32.SurfAccuracy.t skipped
C:\Program Files\SurfAccuracy\SAccU.exe Infected: not-a-virus:AdWare.Win32.SurfAccuracy.n skipped
C:\Program Files\Zxlmgww\Yzagfp.exe~ Infected: Trojan.Win32.Small.cy skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000004.exe Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000006.exe Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000008.exe Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000009.dll Infected: Trojan-PSW.Win32.Sinowal.m skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000010.dll Infected: Trojan-PSW.Win32.Sinowal.m skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000012.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000013.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000014.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000015.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000016.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000017.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000018.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000019.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000020.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000021.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000022.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000023.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000024.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000025.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000026.exe Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000027.exe Infected: not-a-virus:Downloader.Win32.WinFixer.x skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000028.exe/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000028.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000028.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000028.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000028.exe RarSFX: infected - 4 skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000032.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000033.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000034.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000035.exe Infected: not-a-virus:AdWare.Win32.Rond.a skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000036.exe Infected: Trojan.Win32.Small.oa skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000037.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fn skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000038.exe Infected: Trojan-Downloader.Win32.PurityScan.ej skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000040.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000040.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000040.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000051.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000052.dll Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0000058.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0002210.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0002211.dll Suspicious: Packed.Win32.Morphine.a skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0002217.exe Infected: not-a-virus:AdWare.Win32.SurfAccuracy.q skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0002218.dll Infected: Trojan-Downloader.Win32.Dyfuca.gen skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP2\A0002219.DLL Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP3\change.log Object is locked skipped
C:\Deckard\System Scanner\20070629163344\backup\DOCUME~1\JACQUI~1\LOCALS~1\Temp\WinAntiSpyware2007Setup.exe/file05/file2 Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\Deckard\System Scanner\20070629163344\backup\DOCUME~1\JACQUI~1\LOCALS~1\Temp\WinAntiSpyware2007Setup.exe/file05 Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\Deckard\System Scanner\20070629163344\backup\DOCUME~1\JACQUI~1\LOCALS~1\Temp\WinAntiSpyware2007Setup.exe/file26 Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\Deckard\System Scanner\20070629163344\backup\DOCUME~1\JACQUI~1\LOCALS~1\Temp\WinAntiSpyware2007Setup.exe/file39 Infected: not-a-virus:Downloader.Win32.WinFixer.x skipped
C:\Deckard\System Scanner\20070629163344\backup\DOCUME~1\JACQUI~1\LOCALS~1\Temp\WinAntiSpyware2007Setup.exe Inno: infected - 4 skipped
C:\Deckard\System Scanner\20070629163344\backup\DOCUME~1\JACQUI~1\LOCALS~1\Temp\!update.exe Infected: Trojan-Downloader.Win32.PurityScan.dx skipped
C:\Deckard\System Scanner\20070629163344\backup\DOCUME~1\JACQUI~1\LOCALS~1\Temp\gos4F00.tmp Infected: Trojan.Win32.Dialer.qn skipped
C:\Deckard\System Scanner\20070629163344\backup\DOCUME~1\JACQUI~1\LOCALS~1\Temp\win4F11.tmp/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\Deckard\System Scanner\20070629163344\backup\DOCUME~1\JACQUI~1\LOCALS~1\Temp\win4F11.tmp NSIS: infected - 1 skipped
C:\Deckard\System Scanner\20070629163344\backup\WINDOWS\temp\Altnet\dmfiles.cab/AltnetUninstall.exe Infected: not-a-virus:AdWare.Win32.Altnet.g skipped
C:\Deckard\System Scanner\20070629163344\backup\WINDOWS\temp\Altnet\dmfiles.cab CAB: infected - 1 skipped
C:\Deckard\System Scanner\20070629163344\backup\WINDOWS\temp\Altnet\mysearch.cab/mySetp.exe Infected: not-a-virus:AdWare.Win32.MyWay.g skipped
C:\Deckard\System Scanner\20070629163344\backup\WINDOWS\temp\Altnet\mysearch.cab CAB: infected - 1 skipped
C:\Deckard\System Scanner\20070629163344\backup\WINDOWS\temp\Altnet\pmexe.cab/Points Manager.exe Infected: not-a-virus:AdWare.Win32.Altnet.h skipped
C:\Deckard\System Scanner\20070629163344\backup\WINDOWS\temp\Altnet\pmexe.cab CAB: infected - 1 skipped
C:\Deckard\System Scanner\20070629163344\backup\WINDOWS\temp\Altnet\pmfiles.cab/sysdetect.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
C:\Deckard\System Scanner\20070629163344\backup\WINDOWS\temp\Altnet\pmfiles.cab CAB: infected - 1 skipped
C:\Deckard\System Scanner\20070629163344\backup\WINDOWS\temp\Altnet\Setup.exe Infected: not-a-virus:AdWare.Win32.Altnet.b skipped
C:\Deckard\System Scanner\20070629163344\backup\WINDOWS\temp\Altnet\adm4.dll Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Deckard\System Scanner\20070629163344\backup\WINDOWS\temp\Altnet\adm25.dll Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Deckard\System Scanner\20070629163344\backup\WINDOWS\temp\Altnet\adm.exe Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Deckard\System Scanner\20070629163344\backup\WINDOWS\temp\Altnet\admdloader.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3039 skipped
C:\Deckard\System Scanner\20070629163344\backup\WINDOWS\temp\Altnet\admfdi.dll Infected: not-a-virus:AdWare.Win32.Altnet.j skipped
C:\Deckard\System Scanner\20070629163344\backup\WINDOWS\temp\Altnet\admprog.dll Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
C:\Deckard\System Scanner\backup\WINDOWS\Downloaded Program Files\WinAntiSpyware2007FreeInstall.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1162OinAdmin.exe.vir Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1122OinAdmin.exe.vir Infected: Trojan-Downloader.Win32.PurityScan.eh skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll.vir Infected: Trojan-PSW.Win32.Sinowal.m skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll.vir Infected: Trojan-PSW.Win32.Sinowal.m skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe.vir Infected: not-a-virus:Downloader.Win32.WinFixer.t skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\WinAntiSpyware 2007\WAS7Mon.exe.vir Infected: not-a-virus:Downloader.Win32.WinFixer.x skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\DriveCleaner Free.vir\udcsdr.exe~ Infected: not-a-virus:Downloader.Win32.WinFixer.l skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\DriveCleaner Free.vir\udcpas.exe~ Infected: not-a-virus:Downloader.Win32.WinFixer.l skipped
C:\QooBox\Quarantine\C\Program Files\webHancer\whAgent_update.exe.vir/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\QooBox\Quarantine\C\Program Files\webHancer\whAgent_update.exe.vir/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\QooBox\Quarantine\C\Program Files\webHancer\whAgent_update.exe.vir/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\QooBox\Quarantine\C\Program Files\webHancer\whAgent_update.exe.vir/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\QooBox\Quarantine\C\Program Files\webHancer\whAgent_update.exe.vir RarSFX: infected - 4 skipped
C:\QooBox\Quarantine\C\Program Files\webHancer\Programs\whiehlpr.dll.vir Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\QooBox\Quarantine\C\Program Files\webHancer\Programs\webhdll.dll.vir Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\QooBox\Quarantine\C\Program Files\webHancer\Programs\whinstaller.exe.vir Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\QooBox\Quarantine\C\Program Files\WinAntiSpyware 2007\RTMonitor.dat\296c61ce47f249561fb22299\a11d21868c8f4130b750b7a0\c1cf0658ba3a48d6c0edb18f\#data.vir Infected: Trojan.Win32.Qhost skipped
C:\QooBox\Quarantine\C\Program Files\WinPop\winpop.exe.vir Infected: not-a-virus:AdWare.Win32.Rond.a skipped
C:\QooBox\Quarantine\C\Program Files\WinPop\UnInstall.exe.vir Infected: Trojan.Win32.Small.oa skipped
C:\QooBox\Quarantine\C\Program Files\YSTEM~1\сsrss.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.fn skipped
C:\QooBox\Quarantine\C\Program Files\Internet Optimizer.vir\optimize.exe Infected: Trojan-Downloader.Win32.Dyfuca.du skipped
C:\QooBox\Quarantine\C\Program Files\Internet Optimizer.vir\update\actalert.exe Infected: Trojan-Downloader.Win32.Dyfuca.dp skipped
C:\QooBox\Quarantine\C\Program Files\Internet Optimizer.vir\update\rogue.exe Infected: Trojan.Win32.Small.cy skipped
C:\QooBox\Quarantine\C\Program Files\Internet Optimizer.vir\actalert.exe Infected: Trojan-Downloader.Win32.Dyfuca.dp skipped
C:\QooBox\Quarantine\C\WINDOWS\retadpu1000272.exe.vir Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\QooBox\Quarantine\C\WINDOWS\DOWNLO~1\UWA7P_0001_N91M0809NetInstaller.exe.vir Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\uwskuahd.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\roxipreb.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\umadsnti.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ncdsnvqj.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vbsvhuaf.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\dhhompvk.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xwpgdugj.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\trjreygc.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\davqycqc.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xslhpkky.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mcsoaato.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ptqujmyy.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vhuoukgs.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\nmgffgen.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\efcyxyy.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\winjjq32.dll.vir Infected: Trojan.Win32.Dialer.qn skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\pmkhh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yydnkecc.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\dxjbgfji.exe.vir Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ubtcpwlp.dll.vir Suspicious: Packed.Win32.Morphine.a skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ssqoonn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\QooBox\Quarantine\C\WINDOWS\SCURIT~1\regsvr32.exe.vir Infected: Trojan-Downloader.Win32.PurityScan.ej skipped
C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir NSIS: infected - 2 skipped
C:\QooBox\Quarantine\C\WINDOWS\hfhjxefc.exe.vir Infected: not-a-virus:AdWare.Win32.SurfAccuracy.q skipped
C:\QooBox\Quarantine\C\WINDOWS\nem220.dll.vir Infected: Trojan-Downloader.Win32.Dyfuca.gen skipped
E:\Documents and Settings\All Users.WINDOWS2\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05B80000.VBN/Counter.class Infected: Trojan.Java.ClassLoader.h skipped
E:\Documents and Settings\All Users.WINDOWS2\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05B80000.VBN/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
E:\Documents and Settings\All Users.WINDOWS2\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05B80000.VBN/Parser.class Infected: Trojan.Java.ClassLoader.d skipped
E:\Documents and Settings\All Users.WINDOWS2\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05B80000.VBN ZIP: infected - 3 skipped
E:\Documents and Settings\All Users.WINDOWS2\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05B80000.VBN CryptZ: infected - 3 skipped
E:\Documents and Settings\All Users.WINDOWS2\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05B80001.VBN/Counter.class Infected: Trojan.Java.ClassLoader.h skipped
E:\Documents and Settings\All Users.WINDOWS2\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05B80001.VBN/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
E:\Documents and Settings\All Users.WINDOWS2\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05B80001.VBN/Parser.class Infected: Trojan.Java.ClassLoader.d skipped
E:\Documents and Settings\All Users.WINDOWS2\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05B80001.VBN ZIP: infected - 3 skipped
E:\Documents and Settings\All Users.WINDOWS2\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05B80001.VBN CryptZ: infected - 3 skipped
E:\Documents and Settings\All Users.WINDOWS2\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08100000.VBN Infected: Exploit.HTML.Mht skipped
E:\Documents and Settings\All Users.WINDOWS2\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08340000.VBN Infected: Exploit.HTML.Mht skipped
E:\Documents and Settings\All Users.WINDOWS2\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08500000.VBN Infected: Exploit.HTML.Mht skipped
E:\Documents and Settings\All Users.WINDOWS2\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08540000.VBN Infected: Exploit.HTML.Mht skipped
E:\Documents and Settings\All Users.WINDOWS2\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08540001.VBN Infected: Exploit.HTML.Mht skipped
E:\Documents and Settings\All Users.WINDOWS2\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\087C0000.VBN Infected: Exploit.HTML.Mht skipped
E:\Documents and Settings\All Users.WINDOWS2\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08800000.VBN Infected: Exploit.HTML.Mht skipped
E:\Documents and Settings\All Users.WINDOWS2\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08800001.VBN Infected: Exploit.HTML.Mht skipped
E:\Documents and Settings\Barbara\Local Settings\Temporary Internet Files\Content.IE5\I323IPYB\dogado999[1].jpg Infected: Exploit.HTML.Mht skipped
E:\Documents and Settings\Lance\Local Settings\Temp\__unin__.exe Infected: not-a-virus:AdWare.Win32.Altnet.g skipped
E:\found.001\file0003.chk Infected: not-a-virus:AdWare.Win32.MyWay.b skipped
E:\LOSTFILE\DIR18\Altnet\adm.exe Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
E:\LOSTFILE\DIR18\Altnet\adm25.dll Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
E:\LOSTFILE\DIR18\Altnet\adm4.dll Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
E:\LOSTFILE\DIR18\Altnet\admdloader.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3039 skipped
E:\LOSTFILE\DIR18\Altnet\admfdi.dll Infected: not-a-virus:AdWare.Win32.Altnet.j skipped
E:\LOSTFILE\DIR18\Altnet\admprog.dll Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
E:\LOSTFILE\DIR18\Altnet\dmfiles.cab/AltnetUninstall.exe Infected: not-a-virus:AdWare.Win32.Altnet.g skipped
E:\LOSTFILE\DIR18\Altnet\dmfiles.cab CAB: infected - 1 skipped
E:\LOSTFILE\DIR18\Altnet\mysearch.cab/mySetp.exe Infected: not-a-virus:AdWare.Win32.MyWay.g skipped
E:\LOSTFILE\DIR18\Altnet\mysearch.cab CAB: infected - 1 skipped
E:\LOSTFILE\DIR18\Altnet\pmexe.cab/Points Manager.exe Infected: not-a-virus:AdWare.Win32.Altnet.h skipped
E:\LOSTFILE\DIR18\Altnet\pmexe.cab CAB: infected - 1 skipped
E:\LOSTFILE\DIR18\Altnet\pmfiles.cab/sysdetect.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
E:\LOSTFILE\DIR18\Altnet\pmfiles.cab CAB: infected - 1 skipped
E:\LOSTFILE\DIR18\Altnet\Setup.exe Infected: not-a-virus:AdWare.Win32.Altnet.b skipped
E:\Program Files\hbinst\Hbinst.exe Infected: not-a-virus:AdWare.Win32.Hotbar.k skipped
E:\Program Files\Hotbar\bin\4.4.5.0\HbHostIE.dll Infected: not-a-virus:AdWare.Win32.Hotbar.m skipped
E:\Program Files\Hotbar\bin\4.4.5.0\HbHostOE.dll Infected: not-a-virus:AdWare.Win32.Hotbar.m skipped
E:\Program Files\Hotbar\bin\4.4.5.0\HbHostOL.dll Infected: not-a-virus:AdWare.Win32.Hotbar.m skipped
E:\Program Files\Hotbar\bin\4.4.5.0\Hbinst.exe Infected: not-a-virus:AdWare.Win32.Hotbar.k skipped
E:\Program Files\Hotbar\bin\4.4.5.0\HbInstIE.dll Infected: not-a-virus:AdWare.Win32.Hotbar.k skipped
E:\Program Files\Hotbar\bin\4.4.5.0\HbSrv.exe Infected: not-a-virus:AdWare.Win32.Hotbar.o skipped
E:\Program Files\Hotbar\bin\4.4.5.0\HbToolbar.dll Infected: not-a-virus:AdWare.Win32.Hotbar.ak skipped
E:\Program Files\Hotbar\bin\4.4.5.0\WeatherOnTray.exe Infected: not-a-virus:AdWare.Win32.Hotbar.an skipped
E:\Program Files\INSTAFINK\InstaFinderK_inst.exe/stream Infected: not-a-virus:AdWare.Win32.404Search.h skipped
E:\Program Files\INSTAFINK\InstaFinderK_inst.exe NSIS: infected - 1 skipped
E:\Program Files\INSTAFINK\instafink.dll Infected: not-a-virus:AdWare.Win32.404Search.h skipped
E:\Program Files\MSN Messenger\riched20.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
E:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL Infected: not-a-virus:AdWare.Win32.MyWay.g skipped
E:\Program Files\MyWay\myBar\1.bin\NPMYWAY.DLL Infected: not-a-virus:AdWare.Win32.MyWay.f skipped
E:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
E:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
E:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
E:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
E:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
E:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
E:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
E:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
E:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
E:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
E:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
E:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
E:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
E:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
E:\Program Files\PerfectNav\BHO\PerfectNav150c.dll Infected: not-a-virus:AdWare.Win32.Perfnav.a skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{3D0AB8C8-E7E6-4A23-B5FE-79EBC9A1C860}\RP3\change.log Object is locked skipped

Scan process completed.



_____________________________

Combofix Log (Incomplete)

"Jacqui Hampton" - 2007-06-30 20:14:03 - ComboFix 07-06-29.3 - Service Pack 2
Command switches used :: C:\Documents and Settings\Jacqui Hampton\Desktop\ComboFix-Do.txt


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\system32\jqbdikjy.dll
C:\WINDOWS\system32\vnfrkprv.dll
C:\WINDOWS\system32\egjlm.ini
C:\WINDOWS\system32\egjlm.bak1
C:\WINDOWS\system32\vrpkrfnv.ini
C:\WINDOWS\system32\egjlm.ini
C:\WINDOWS\system32\egjlm.bak1


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ALLUSE~1\APPLIC~1\ctqbgngx.exe
C:\WINDOWS\63ffj9lp.exe
C:\WINDOWS\hfhjxefc.exe
C:\WINDOWS\nem220.dll
C:\WINDOWS\system32\dxjbgfji.exe
C:\WINDOWS\system32\lcmrvx.dll
C:\WINDOWS\system32\mljge.dll
C:\WINDOWS\system32\mm4095oo.dll
C:\WINDOWS\system32\qbb5o8jg.exe
C:\WINDOWS\system32\qkchukoe
C:\WINDOWS\system32\qkchukoe\bg1.gif
C:\WINDOWS\system32\qkchukoe\bgtop.gif
C:\WINDOWS\system32\qkchukoe\bottom1.gif
C:\WINDOWS\system32\qkchukoe\essentials.gif
C:\WINDOWS\system32\qkchukoe\icon1.ico
C:\WINDOWS\system32\qkchukoe\install1.gif
C:\WINDOWS\system32\qkchukoe\left1.gif
C:\WINDOWS\system32\qkchukoe\li.gif
C:\WINDOWS\system32\qkchukoe\logo.gif
C:\WINDOWS\system32\qkchukoe\main.htm
C:\WINDOWS\system32\qkchukoe\mainframe.htm
C:\WINDOWS\system32\qkchukoe\reinstall1.gif
C:\WINDOWS\system32\qkchukoe\right1.gif
C:\WINDOWS\system32\qkchukoe\s1.htm
C:\WINDOWS\system32\qkchukoe\s2.htm
C:\WINDOWS\system32\qkchukoe\s3.htm
C:\WINDOWS\system32\qkchukoe\SMTop1.gif
C:\WINDOWS\system32\qkchukoe\SMTop2.gif
C:\WINDOWS\system32\qkchukoe\SMTop3.gif
C:\WINDOWS\system32\qkchukoe\SMTop4.gif
C:\WINDOWS\system32\qkchukoe\soft1_off.gif
C:\WINDOWS\system32\qkchukoe\soft1_off_ext.gif
C:\WINDOWS\system32\qkchukoe\soft1_on.gif
C:\WINDOWS\system32\qkchukoe\soft1_on_ext.gif
C:\WINDOWS\system32\qkchukoe\soft2_off.gif
C:\WINDOWS\system32\qkchukoe\soft2_off_ext.gif
C:\WINDOWS\system32\qkchukoe\soft2_on.gif
C:\WINDOWS\system32\qkchukoe\soft2_on_ext.gif
C:\WINDOWS\system32\qkchukoe\soft3_off.gif
C:\WINDOWS\system32\qkchukoe\soft3_off_ext.gif
C:\WINDOWS\system32\qkchukoe\soft3_on.gif
C:\WINDOWS\system32\qkchukoe\soft3_on_ext.gif
C:\WINDOWS\system32\qkchukoe\softbottom_off.gif
C:\WINDOWS\system32\qkchukoe\softbottom_on.gif
C:\WINDOWS\system32\qkchukoe\softleft_off.gif
C:\WINDOWS\system32\qkchukoe\softleft_on.gif
C:\WINDOWS\system32\qkchukoe\top1.gif
C:\WINDOWS\system32\qkchukoe\top2.gif
C:\WINDOWS\system32\qkchukoe\turnoff1.gif
C:\WINDOWS\system32\qkchukoe\turnon1.gif
C:\WINDOWS\system32\ssqoonn.dll
C:\WINDOWS\system32\ubtcpwlp.dll
C:\WINDOWS\system32\yydnkecc.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-05-28 to 2007-06-30 )))))))))))))))))))))))))))))))


2007-06-29 21:46 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-29 16:51 0 --a------ C:\WINDOWS\nsreg.dat
2007-06-29 16:11 <DIR> d-------- C:\Deckard
2007-06-28 20:48 1,048,576 --ah----- C:\DOCUME~1\LOCALS~1.NTA\NTUSER.DAT
2007-06-28 20:48 <DIR> d---s---- C:\DOCUME~1\LOCALS~1.NTA\UserData
2007-06-28 20:47 <DIR> d--hs---- C:\FOUND.000
2007-06-23 23:35 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-06-22 11:37 <DIR> d-------- C:\DOCUME~1\JACQUI~1\APPLIC~1\Atari
2007-06-22 11:14 197,120 --a------ C:\WINDOWS\patchw32.dll
2007-06-22 11:14 <DIR> d-------- C:\Program Files\Common Files\PocketSoft
2007-06-22 11:14 <DIR> d-------- C:\DOCUME~1\JACQUI~1\APPLIC~1\Leadertech
2007-06-22 11:09 <DIR> d-------- C:\Program Files\Atari
2007-06-21 16:12 <DIR> d-------- C:\DOCUME~1\JACQUI~1\APPLIC~1\FileMaker
2007-06-13 22:02 <DIR> d-------- C:\DOCUME~1\JACQUI~1\APPLIC~1\Tenebril
2007-06-13 21:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tenebril
2007-06-13 21:52 40,960 --a-s---- C:\WINDOWS\system32\ProcessKiller.dll
2007-06-13 21:52 180,224 --a-s---- C:\WINDOWS\system32\archlib.dll
2007-06-13 21:52 169,544 --a-s---- C:\WINDOWS\system32\SecuLoad.dll
2007-06-13 21:52 1,103,944 --a-s---- C:\WINDOWS\system32\Protector.dll
2007-06-13 21:52 <DIR> d-------- C:\WINDOWS\system32\tenarchlib
2007-06-13 21:52 <DIR> d-------- C:\Program Files\SpyCatcher
2007-06-13 17:57 754,808 --a------ C:\WINDOWS\system32\LiveProtectSetup.exe
2007-06-12 17:20 <DIR> d-------- C:\Program Files\Yahoo! Games
2007-06-11 16:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
2007-06-11 16:12 <DIR> d-------- C:\DOCUME~1\JACQUI~1\APPLIC~1\Sandlot Games


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-30 11:19:30 12 ----a-w C:\WINDOWS\bthservsdp.dat
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-01 08:49:06 16 ----a-w C:\WINDOWS\system32\a99vi88f.dat
2007-05-01 08:49:02 573,944 ----a-w C:\WINDOWS\system32\nc5vfm94.dat
2007-05-01 08:48:58 2,256 ----a-w C:\WINDOWS\system32\rl5ba39o.dat
2007-04-26 0610 690,757 ----a-w C:\WINDOWS\system32\fppcbmfb.exe
2007-04-25 14:21:16 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 12:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 12:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 12:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 12:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 12:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 12:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 12:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 12:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4efb-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll [2004-09-29 11:02]
{0A87E45F-537A-40B4-B812-E2544C21A09F}=C:\Program Files\SpyCatcher\SCActiveBlock.dll [2005-08-22 21:57]
{9394EDE7-C8B5-483E-8773-474BF36AF6E4}=C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2004-08-13 16:42]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar3.dll [2007-01-19 23:55]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-06-28 23:40]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll [2006-01-17 16:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2003-06-20 14:55 C:\WINDOWS\system32\CTHELPER.EXE]
"AsioReg"="REGSVR32.exe" [2004-08-04 18:56 C:\WINDOWS\system32\regsvr32.exe]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 18:06]
"SoundMan"="SOUNDMAN.EXE" [2003-12-19 19:53 C:\WINDOWS\soundman.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 11:52]
"nwiz"="nwiz.exe" [2004-04-23 14:24 C:\WINDOWS\system32\nwiz.exe]
"vptray"="C:\Program Files\NavNT\vptray.exe" [2001-09-24 06:59]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 17:14]
"Nokia Tray Application"="C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe" [2003-02-10 14:30]
"DataLayer"="C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe" [2003-10-07 06:44]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-11 14:52]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-12-20 20:54]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 18:56 C:\WINDOWS\system32\bthprops.cpl]
"DriveSMART"="C:\PROGRA~1\COMPUA~1\smartapp.exe" []
"F5D9050"="C:\Program Files\Belkin\F5D9050\Belkinwcui.exe" [2006-03-14 15:52]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 12:31]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 12:24]
"ctqbgngx.exe"="C:\Documents and Settings\All Users\Application Data\ctqbgngx.exe" []
"SpyCatcher Reminder"="C:\Program Files\SpyCatcher\SpyCatcher.exe" [2007-05-07 11:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-28 23:40]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-10-08 12:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=secuload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
NtmlSvc


________________________

Thanks
Disko_Stu is offline