Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

W32.trats!inf And Trojan Vundo Among Others


  • Please log in to reply
1 reply to this topic

#1 memnoch

memnoch

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:newport beach, ca
  • Local time:06:13 PM

Posted 28 February 2008 - 04:59 PM

Hello from a newbie to this forum

I slaved the hd then scanned from symantec but the scan was terminated by the virus. ?? not sure how that happened but..

returned the hd to master and rescanned again, same result from symantec site but did get a list of 549 files infected with various vermin. Ran spybot s&d which also got clobbered during "fix problems" deletion. hmmm, nasty little guys, so OK.
Ran hijackthis then slaved the drive again onto a clean computer with latest defs from norton 2008 which quarantined most all of the infected files then returned hd to master. symantec site rescan found even more than original infected files replaced or reinfected. SoI then downloaded combofix, that seemed to do the trick, rescanned again from symantec site and cleaned up last 30 files combofix didn't delete. Ran spybot again and terminated the last adware found.

Please check through these logs and let me know if you find any remaining problem programs or files I may have missed.

thanks in advance
memnoch
*****************************************
symantec virus scan:












Virus Status: Infected!
Your computer is infected with at least one known threat.




188058 files scanned, 549 file(s) infected on your disk drives.

No viruses were detected in memory.
Your computer is free of known threats. Virus Detection does not check compressed files.
Your computer appears safe for now. For real-time protection from viruses, hackers and privacy threats, upgrade to Norton Internet Security™.
No viruses were detected in memory.
The scan was cancelled before finishing. To restart the scan, click here.
Your computer is free of known threats. Virus Detection does not check compressed files.
Your computer appears safe for now. For real-time protection from viruses, hackers and privacy threats, upgrade to Norton Internet Security™.
Search for the name of the threat(s) listed below on the Symantec Security Response site for removal information.

Warning! The scan detected a virus that is active in your computer's memory.
The scan ended to prevent further infection.
You should shut down your computer immediately and restart it with an antivirus rescue disk or similar tool.
No viruses were detected in memory.
Your computer is infected with at least one known virus or Trojan horse.
Search for the name of the threat(s) listed below on the Symantec Security Response site for removal information.

No viruses were detected in memory.
Your computer is infected with at least one known virus or Trojan horse.

Note: The scan was cancelled before finishing. There may be more infected files on this computer.
Search for the name of the threat(s) listed below on the Symantec Security Response site for removal information.

C:\WINDOWS\system32\jkklm.dll is infected with Trojan.Vundo

C:\WINDOWS\system32\jkklm.exe is infected with W32.Trats!inf
C:\RECYCLER\S-1-5-21-2639334086-2401466932-3068051631-1006\Dc87.exe is infected with AdvancedCleaner
C:\RECYCLER\S-1-5-21-2639334086-2401466932-3068051631-1006\Dc88.exe is infected with AdvancedCleaner
C:\RECYCLER\S-1-5-21-2639334086-2401466932-3068051631-1006\Dc89.exe is infected with AdvancedCleaner
C:\Program Files\SpamBlockerUtility\bin\4.7.1.0\dBenderC.dll is infected with Adware.Hotbar
C:\Program Files\SpamBlockerUtility\bin\4.7.1.0\Redemption.dll is infected with Adware.Hotbar
C:\Program Files\SpamBlockerUtility\bin\4.7.1.0\SBClientSinkPS.dll is infected with Adware.Hotbar
C:\Program Files\SpamBlockerUtility\bin\4.7.1.0\SBOLExp.dll is infected with Adware.Hotbar
C:\Program Files\SpamBlockerUtility\bin\4.7.1.0\SBOLExt.dll is infected with Adware.Hotbar
C:\Program Files\SpamBlockerUtility\bin\4.7.1.0\SbShprRprt.exe is infected with Adware.Hotbar
C:\Program Files\SpamBlockerUtility\bin\4.7.1.0\SbSrv.exe is infected with Adware.Hotbar
C:\Program Files\SpamBlockerUtility\bin\4.7.1.0\SBSrvPS.dll is infected with Adware.Hotbar
C:\Program Files\SpamBlockerUtility\bin\4.7.1.0\SBTrayAppPS.dll is infected with Adware.Hotbar
C:\Program Files\SpamBlockerUtility\bin\4.7.1.0\SBUIRes.dll is infected with Adware.Hotbar
C:\Program Files\SpamBlockerUtility\bin\4.7.1.0\SBUISkin.dll is infected with Adware.Hotbar
C:\Program Files\SpamBlockerUtility\bin\4.7.1.0\SpamBlocker.exe is infected with Adware.Hotbar
C:\Program Files\SpamBlockerUtility\bin\4.7.1.0\SpamBlockerUtility.exe is infected with Adware.Hotbar
C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe is infected with W32.Trats!inf
C:\Program Files\QuickTime\qttask .exe is infected with W32.Trats!inf
C:\Program Files\QuickTime\qttask .exe is infected with W32.Trats!inf
C:\Program Files\QuickTime\qttask .exe is infected with W32.Trats!inf
C:\Program Files\QuickTime\qttask .exe is infected with W32.Trats!inf
C:\Program Files\QuickTime\qttask .exe is infected with W32.Trats!inf
C:\Program Files\QuickTime\qttask .exe is infected with W32.Trats!inf
C:\Program Files\QuickTime\qttask .exe is infected with W32.Trats!inf
C:\Program Files\QuickTime\qttask .exe is infected with W32.Trats!inf
C:\Program Files\QuickTime\qttask .exe is infected with W32.Trats!inf
C:\Program Files\QuickTime\qttask .exe is infected with W32.Trats!inf
C:\Program Files\QuickTime\qttask .exe is infected with W32.Trats!inf
C:\Program Files\QuickTime\qttask .exe is infected with W32.Trats!inf
C:\Program Files\QuickTime\qttask .exe is infected with W32.Trats!inf
C:\Program Files\QuickTime\qttask .exe is infected with W32.Trats!inf
C:\Program Files\QuickTime\qttask .exe is infected with W32.Trats!inf
C:\Program Files\QuickTime\qttask .exe is infected with W32.Trats!inf
C:\Program Files\QuickTime\qttask .exe is infected with W32.Trats!inf
C:\Program Files\QuickTime\qttask .exe is infected with W32.Trats!inf
C:\Program Files\QuickTime\qttask .exe is infected with W32.Trats!inf
C:\Program Files\QuickTime\qttask .exe is infected with W32.Trats!inf
C:\Program Files\QuickTime\qttask .exe is infected with W32.Trats!inf
C:\Program Files\QuickTime\qttask .exe is infected with W32.Trats!inf
C:\Program Files\QuickTime\qttask .exe is infected with W32.Trats!inf
C:\Program Files\QuickTime\qttask .exe is infected with W32.Trats!inf
C:\Program Files\QuickTime\qttask .exe is infected with W32.Trats!inf
C:\Program Files\QuickTime\qttask .exe is infected with W32.Trats!inf
C:\Program Files\QuickTime\qttask .exe is infected with W32.Trats!inf
C:\Program Files\QuickTime\qttask .exe is infected with W32.Trats!inf
C:\Program Files\QuickTime\qttask.exe is infected with W32.Trats!inf
C:\Program Files\QdrPack\QdrPack11 .exe is infected with Adware.ISMonitor
C:\Program Files\QdrModule\QdrModule11 .exe is infected with Adware.ISMonitor
C:\Program Files\QdrModule\QdrModule12 .exe is infected with Downloader
C:\Program Files\QdrDrive\QdrDrive9.dll is infected with Adware.ISMonitor
C:\Program Files\P.S.Guard\PSGuard.exe is infected with PSGuard
C:\Program Files\iTunes\iTunesHelper.exe is infected with W32.Trats!inf
C:\Program Files\Common Files\Real\Update_OB\realsched.exe is infected with W32.Trats!inf
C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe is infected with W32.Trats!inf
C:\Program Files\BroadJump\Client Foundation\CFD.exe is infected with W32.Trats!inf
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temporary Internet Files\Content.IE5\YZ2NYHE3\18_swp[2] is infected with Downloader
C:\Documents and Settings\Suzy\Local Settings\Temporary Internet Files\Content.IE5\YZ2NYHE3\5_swp[1] is infected with Downloader
C:\Documents and Settings\Suzy\Local Settings\Temporary Internet Files\Content.IE5\YZ2NYHE3\scan[1].htm is infected with Downloader
C:\Documents and Settings\Suzy\Local Settings\Temporary Internet Files\Content.IE5\YZ2NYHE3\scan[1].php is infected with Downloader
C:\Documents and Settings\Suzy\Local Settings\Temporary Internet Files\Content.IE5\YZ2NYHE3\scan[2].htm is infected with Downloader
C:\Documents and Settings\Suzy\Local Settings\Temporary Internet Files\Content.IE5\SP8Z8FS3\14_swp[1] is infected with Downloader
C:\Documents and Settings\Suzy\Local Settings\Temporary Internet Files\Content.IE5\SP8Z8FS3\3_swp[1].htm is infected with Downloader
C:\Documents and Settings\Suzy\Local Settings\Temporary Internet Files\Content.IE5\SP8Z8FS3\5_swp[1] is infected with Downloader
C:\Documents and Settings\Suzy\Local Settings\Temporary Internet Files\Content.IE5\SP8Z8FS3\CAERK9MT.php is infected with Downloader
C:\Documents and Settings\Suzy\Local Settings\Temporary Internet Files\Content.IE5\SP8Z8FS3\index[1].htm is infected with Downloader
C:\Documents and Settings\Suzy\Local Settings\Temporary Internet Files\Content.IE5\SP8Z8FS3\scan[2].php is infected with Downloader
C:\Documents and Settings\Suzy\Local Settings\Temporary Internet Files\Content.IE5\RY2I4QX7\n14043[1].htm is infected with Downloader
C:\Documents and Settings\Suzy\Local Settings\Temporary Internet Files\Content.IE5\RY2I4QX7\scan[1].htm is infected with Downloader
C:\Documents and Settings\Suzy\Local Settings\Temporary Internet Files\Content.IE5\KTQVS9M3\10_swp[1].htm is infected with Downloader
C:\Documents and Settings\Suzy\Local Settings\Temporary Internet Files\Content.IE5\KTQVS9M3\counter[3].htm is infected with Downloader
C:\Documents and Settings\Suzy\Local Settings\Temporary Internet Files\Content.IE5\KTQVS9M3\n14041[1].htm is infected with Downloader
C:\Documents and Settings\Suzy\Local Settings\Temporary Internet Files\Content.IE5\KTQVS9M3\n14042[1].htm is infected with Downloader
C:\Documents and Settings\Suzy\Local Settings\Temporary Internet Files\Content.IE5\K18DA7WL\3_swp[1] is infected with Downloader
C:\Documents and Settings\Suzy\Local Settings\Temporary Internet Files\Content.IE5\K18DA7WL\5_swp[1] is infected with Downloader
C:\Documents and Settings\Suzy\Local Settings\Temporary Internet Files\Content.IE5\K18DA7WL\5_swp[2] is infected with Downloader
C:\Documents and Settings\Suzy\Local Settings\Temporary Internet Files\Content.IE5\K18DA7WL\scan[1].htm is infected with Downloader
C:\Documents and Settings\Suzy\Local Settings\Temporary Internet Files\Content.IE5\K18DA7WL\scan[1].php is infected with Downloader
C:\Documents and Settings\Suzy\Local Settings\Temporary Internet Files\Content.IE5\K18DA7WL\scan[2].php is infected with Downloader
C:\Documents and Settings\Suzy\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\5_swp[1] is infected with Downloader
C:\Documents and Settings\Suzy\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\n14048[2].htm is infected with Downloader
C:\Documents and Settings\Suzy\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\n14046[1].htm is infected with Downloader
C:\Documents and Settings\Suzy\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\_bm1fc2FfbWFfa3cxX21hMTA_eWFob28uY29t_bm1fMTUxMDc2XzI2YWIxYzEwYzE2YzExZGM5OWRlMTUxMDc2ZGRmZmZmXzJkNjIxMjliOTU5ZjQ2ZjhhOTNkZDNmMTg0MGNjN2Ri_[1].exe is infected with Trojan Horse
C:\Documents and Settings\Suzy\Local Settings\Temporary Internet Files\Content.IE5\6PWFU165\5_swp[1] is infected with Downloader
C:\Documents and Settings\Suzy\Local Settings\Temporary Internet Files\Content.IE5\6PWFU165\5_swp[2] is infected with Downloader
C:\Documents and Settings\Suzy\Local Settings\Temporary Internet Files\Content.IE5\6PWFU165\9_swp[1] is infected with Downloader
C:\Documents and Settings\Suzy\Local Settings\Temporary Internet Files\Content.IE5\6PWFU165\CAYJAJMX is infected with Downloader
C:\Documents and Settings\Suzy\Local Settings\Temporary Internet Files\Content.IE5\6PWFU165\scan[1].htm is infected with Downloader
C:\Documents and Settings\Suzy\Local Settings\Temporary Internet Files\Content.IE5\6PWFU165\scan[2].php is infected with Downloader
C:\Documents and Settings\Suzy\Local Settings\Temporary Internet Files\Content.IE5\6PWFU165\scan[3].php is infected with Downloader
C:\Documents and Settings\Suzy\Local Settings\Temporary Internet Files\Content.IE5\6PWFU165\scan[4].php is infected with Downloader
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX102.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX103.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX104.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX105.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX106.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX107.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX108.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX109.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX10A.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX10B.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX10C.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX10D.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX10F.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX111.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX112.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX113.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX114.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX115.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX116.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX117.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX118.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX119.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX11A.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX11B.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX11C.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX11D.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX11E.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX11F.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX12.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX120.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX121.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX122.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX123.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX124.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX125.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX126.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX127.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX128.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX129.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX12A.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX12B.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX12C.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX12D.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX12F.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX13.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX130.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX131.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX132.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX133.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX134.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX135.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX136.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX137.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX138.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX139.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX13A.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX13B.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX13C.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX13D.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX13E.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX13F.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX140.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX141.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX142.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX143.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX144.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX145.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX146.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX147.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX148.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX149.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX14A.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX14B.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX14C.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX14D.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX14E.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX14F.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX15.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX150.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX151.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX152.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX154.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX155.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX156.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX157.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX158.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX159.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX15A.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX15B.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX15C.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX15D.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX15E.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX15F.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX16.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX160.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX161.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX162.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX163.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX164.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX165.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX166.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX167.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX168.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX169.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX16A.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX16B.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX16C.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX16D.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX16E.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX16F.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX17.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX170.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX171.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX172.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX173.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX174.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX175.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX176.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX177.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX178.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX179.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX17A.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX17B.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX17C.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX17D.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX17E.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX17F.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX18.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX181.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX182.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX183.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX184.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX185.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX186.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX187.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX188.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX18A.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX18B.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX18D.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX18E.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX18F.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX19.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX190.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX194.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX197.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX198.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX19B.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX19D.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX19E.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX1A.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX1A2.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX1A3.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX1A5.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX1A6.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX1A7.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX1A9.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX1AA.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX1AD.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX1AF.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX1B.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX1B1.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX1B3.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX1B5.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX1B6.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX1B9.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX1BE.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX1BF.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX1C.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX1C1.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX1C4.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX1C9.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX1CC.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX1CF.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX1D.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX1DF.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX1E.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX1E1.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX1E8.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX1EA.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX1EB.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX1ED.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX1EE.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX1F.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX1F0.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX1F3.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX1F5.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX1F6.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX1F8.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX1F9.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX1FA.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX1FB.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX20.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX202.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX20F.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX21.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX218.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX21B.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX21E.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX22.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX223.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX226.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX229.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX22F.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX23.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX24.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX25.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX259.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX25C.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX25F.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX26.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX268.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX26B.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX26E.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX27.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX273.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX276.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX279.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX28.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX282.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX29.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX29A.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX29D.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX2A.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX2A0.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX2A5.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX2A8.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX2AB.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX2B.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX2B1.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX2C.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX2CF.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX2D.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX2E.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX2F.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX30.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX31.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX33.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX34.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX348.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX35.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX36.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX37.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX38.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX39.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX3A.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX3B.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX3C.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX3D.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX3E.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX3F.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX41.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX42.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX43.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX44.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX45.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX46.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX47.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX48.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX49.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX4A.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX4B.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX4D.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX4E.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX4F.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX59.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX5A.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX5B.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX5C.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX5D.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX5E.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX5F.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX60.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX61.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX62.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX63.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX64.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX65.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX66.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX67.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX68.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX69.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX6A.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX6B.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX6C.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX6D.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX6E.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX6F.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX70.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX71.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX72.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX73.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX74.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX75.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX76.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX77.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX78.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX79.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX7A.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX7B.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX7C.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX7D.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX7E.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX7F.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX80.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX81.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX82.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX83.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX84.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX85.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX86.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX87.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX88.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX89.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX8A.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX8B.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX8C.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX8D.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX8E.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX8F.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX90.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX91.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX92.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX93.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX94.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX96.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX99.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX9A.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX9B.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX9C.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX9D.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX9E.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCX9F.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXA0.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXA1.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXA2.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXA3.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXA4.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXA5.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXA6.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXA7.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXA8.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXA9.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXAA.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXAB.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXAC.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXAD.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXAE.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXAF.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXB0.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXB1.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXB2.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXB3.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXB4.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXB5.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXB6.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXB7.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXB8.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXB9.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXBA.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXBD.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXBE.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXBF.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXC0.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXC1.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXC2.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXC3.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXC4.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXC5.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXC6.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXC7.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXC8.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXC9.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXCA.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXCB.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXCC.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXCD.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXCE.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXCF.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXD0.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXD1.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXD2.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXD3.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXD4.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXD5.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXD6.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXD7.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXD8.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXD9.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXDA.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXDB.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXDC.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXDD.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXDE.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXDF.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXE0.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXE1.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXE2.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXE3.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXE4.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXE5.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXE6.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXE7.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXE8.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXE9.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXEA.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXEB.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXEC.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXED.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXEE.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXEF.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXF0.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXF1.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXF2.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXF3.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXF4.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXF5.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXF6.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXF7.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXF8.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXF9.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXFA.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXFB.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXFC.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXFD.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXFE.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\RCXFF.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\TMP110.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\TMP117.tmp is infected with W32.Trats
C:\Documents and Settings\Suzy\Local Settings\Temp\TMP122.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\TMP15.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\TMP178.tmp is infected with W32.Trats
C:\Documents and Settings\Suzy\Local Settings\Temp\TMP1FB.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\TMP2D0.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\TMP34C.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\TMP4.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\TMP4B.tmp is infected with W32.Trats
C:\Documents and Settings\Suzy\Local Settings\Temp\TMP4D.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\TMP55.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\TMP58.tmp is infected with W32.Trats
C:\Documents and Settings\Suzy\Local Settings\Temp\TMP6.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\TMP67.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\TMP9A.tmp is infected with Adware.ISMonitor
C:\Documents and Settings\Suzy\Local Settings\Temp\TMPB.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\TMPD.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Local Settings\Temp\TMPDA.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Suzy\Desktop\Install1509(2).exe is infected with Downloader.MisleadApp
C:\Documents and Settings\Suzy\Desktop\Install1509.exe is infected with Downloader.MisleadApp
C:\Documents and Settings\Suzy\Desktop\Setup(2).exe is infected with Adware.ZangoSearch
C:\Documents and Settings\Suzy\Desktop\Setup(3).exe is infected with Adware.ZangoSearch
C:\Documents and Settings\Suzy\Desktop\Setup.exe is infected with Adware.180Solutions
C:\Documents and Settings\Suzy\Desktop\Setup.exe is infected with Adware.ZangoSearch
C:\Documents and Settings\Suzy\Desktop\_bm1fc2FfbWFfa3cxX21hMTA_eWFob28uY29t_bm1fMTUxMDc2XzI2YWIxYzEwYzE2YzExZGM5OWRlMTUxMDc2ZGRmZmZmXzJkNjIxMjliOTU5ZjQ2ZjhhOTNkZDNmMTg0MGNjN2Ri_.exe is infected with Trojan Horse
C:\Documents and Settings\Owner\My Documents\My Videos\BSINSTALL.exe is infected with Adware.Savenow
C:\Documents and Settings\Owner\My Documents\My Videos\ZangoWindWords.exe is infected with Adware.ZangoSearch
C:\Documents and Settings\Owner\Local Settings\Temp\RCX23.tmp is infected with W32.Trats!inf
C:\Documents and Settings\Owner\Local Settings\Temp\RCX29.tmp is infected with W32.Trats!inf



Solution: Install All-In-One Security

Norton 360™: Keeps hackers out and personal data in with comprehensive, automated protection with our proven PC Security & PC tuneup technologies PLUS new antiphishing and automated backup.

MORE INFO

SEE A DEMO



Need Help? We're here for you.

Let our expert technicians remove viruses and spyware while you sit back and watch.

MORE INFO




Compare Products



*****************************************************************

Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:16:43 PM, on 2/27/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Plaxo - {81CA3009-6200-4a6d-93C6-F1E9A6821C7F} - C:\Program Files\Plaxo\IE Toolbar\1.0.0.11\plx_tlbr.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn6\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Plaxo - {81CA3009-6200-4a6d-93C6-F1E9A6821C7F} - C:\Program Files\Plaxo\IE Toolbar\1.0.0.11\plx_tlbr.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [PDUiP6600DMon] C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8582] command /c del "C:\WINDOWS\system32\jkklm.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9131] cmd /c del "C:\WINDOWS\system32\jkklm.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1334] command /c del "C:\WINDOWS\system32\jkklm.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5206] cmd /c del "C:\WINDOWS\system32\jkklm.dll_old"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [QdrModule12] "C:\Program Files\QdrModule\QdrModule12.exe"
O4 - HKCU\..\Run: [QdrPack12] "C:\Program Files\QdrPack\QdrPack12.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - .DEFAULT User Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe (User 'Default user')
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://musicoffaith.aavalue.com/mof/toolbar/mof-toolbar.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - http://download.toontown.com/sv1.0.14.27/ttinst.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbcyahoo/TrueInstallSBC.exe
O20 - Winlogon Notify: awtsqrs - awtsqrs.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 11373 bytes


*****************************************************************

combofix log:



ComboFix 08-02-25.3 - Suzy 2008-02-27 18:31:08.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.267 [GMT -8:00]
Running from: C:\Documents and Settings\Suzy\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Suzy\g2mdlhlpx.exe
C:\Documents and Settings\Suzy\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Suzy\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Suzy\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ISM
C:\Program Files\ISM\ism.exe
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MyWay
C:\Program Files\QdrDrive
C:\Program Files\QdrDrive\QdrDrive9.dll
C:\Program Files\QdrDrive\qdrloader.exe
C:\Program Files\QdrModule
C:\Program Files\QdrModule\dic.gz
C:\Program Files\QdrModule\kwd.gz
C:\Program Files\QdrModule\QdrModule11 .exe
C:\Program Files\QdrModule\QdrModule12 .exe
C:\Program Files\QdrPack
C:\Program Files\QdrPack\dicts.gz
C:\Program Files\QdrPack\QdrPack11 .exe
C:\Program Files\QdrPack\QdrPack12 .exe
C:\Program Files\QdrPack\trgts.gz
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\000080.exe
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\emywwmsp.dll
C:\WINDOWS\system32\fmodiwdh.dll
C:\WINDOWS\system32\iesnmrny.ini
C:\WINDOWS\system32\jkklm.dll
C:\WINDOWS\system32\jkklm.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mgmpjevl.dll
C:\WINDOWS\system32\mlkkj.ini
C:\WINDOWS\system32\mlkkj.ini2
C:\WINDOWS\system32\nwdbrkec.dll
C:\WINDOWS\system32\omigajpc.dll
C:\WINDOWS\system32\pajiktwj.dll
C:\WINDOWS\system32\qefejkvm.dll
C:\WINDOWS\system32\smcrgmrr.dll
C:\WINDOWS\system32\tvamnnmw.dll
C:\WINDOWS\system32\vpbquhqb.dll
C:\WINDOWS\system32\xuchtusq.dll
C:\WINDOWS\system32\ynrmnsei.dll
E:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-28 )))))))))))))))))))))))))))))))
.

2008-02-27 18:26 . 2008-02-27 18:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-26 18:08 . 2008-02-27 18:31 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-26 18:08 . 2008-02-26 18:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-25 21:28 . 2008-02-25 21:28 <DIR> d-------- C:\Program Files\spybot
2008-02-25 20:17 . 2008-02-25 20:17 6,237,232 --a------ C:\spybotsd152rc1.exe
2008-02-25 20:08 . 2003-04-09 23:00 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-02-25 20:08 . 2003-12-19 22:04 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-02-25 20:08 . 2004-06-02 22:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\VERITAS
2008-02-25 20:08 . 2003-04-10 03:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2008-02-25 20:08 . 2003-04-09 22:35 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2008-02-25 20:08 . 2003-04-09 22:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Share-to-Web Upload Folder
2008-02-25 20:08 . 2003-04-09 23:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2008-02-25 20:08 . 2003-12-01 17:30 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterVideo
2008-02-25 20:08 . 2003-04-09 22:52 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust
2008-02-25 20:08 . 2003-04-10 03:21 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\interMute
2008-02-25 20:08 . 2007-09-07 19:06 <DIR> d--h----- C:\Documents and Settings\Administrator\Application Data\GTek
2008-02-25 20:08 . 2003-11-30 11:20 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Corel
2008-02-25 20:08 . 2003-11-02 18:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ArcSoft
2008-02-25 20:08 . 2004-02-17 22:57 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AOL
2008-02-25 20:08 . 2004-05-28 15:24 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Aim
2008-02-25 20:02 . 2008-02-27 13:03 13,312 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-02-25 15:18 . 2008-02-25 19:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Retrospect
2008-02-25 15:16 . 2008-02-25 15:16 <DIR> d-------- C:\Program Files\Dantz
2008-02-14 17:26 . 2008-02-27 18:28 62,731 --a------ C:\WINDOWS\BMbf8865d9.xml
2008-02-14 17:26 . 2008-02-27 18:24 22 --a------ C:\WINDOWS\pskt.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-28 02:34 --------- d-----w C:\Program Files\QuickTime
2008-02-28 02:34 --------- d-----w C:\Program Files\iTunes
2008-02-27 03:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-27 03:55 --------- d-----w C:\Program Files\BearShare
2008-02-26 04:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-26 04:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-26 03:57 --------- d-----w C:\Program Files\Symantec
2008-02-26 03:53 --------- d-----w C:\Documents and Settings\Suzy\Application Data\Symantec
2008-02-26 03:53 --------- d-----w C:\Documents and Settings\Ryan.OFFICE\Application Data\Symantec
2008-02-26 03:53 --------- d-----w C:\Documents and Settings\Riley\Application Data\Symantec
2008-02-26 03:53 --------- d-----w C:\Documents and Settings\Owner\Application Data\Symantec
2008-02-06 00:48 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-26 18:38 --------- d-----w C:\Documents and Settings\Suzy\Application Data\Yahoo!
2008-01-26 18:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-22 15:20 14,336 ----a-w C:\Documents and Settings\Suzy\Application Data\rowjp .exe
2008-01-19 19:00 14,336 ----a-w C:\kUUq.exe
2008-01-15 18:29 --------- d-----w C:\Program Files\Linksys EasyLink Advisor
2008-01-15 16:04 --------- d-----w C:\Program Files\RcvSystem
2008-01-04 00:27 --------- d-----w C:\Documents and Settings\Suzy\Application Data\Yahoo! Messenger
2008-01-02 04:10 --------- d-----w C:\Program Files\iPod
2008-01-02 04:04 --------- d-----w C:\Program Files\Apple Software Update
2008-01-02 04:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2004-04-06 21:55 0 ----a-w C:\Program Files\asd.hta
.
<pre>
----a-w			14,336 2008-01-22 15:20:10  C:\Documents and Settings\Suzy\Application Data\rowjp .exe
----a-w			39,792 2008-02-27 22:22:36  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w		   368,706 2008-02-27 22:22:27  C:\Program Files\BroadJump\Client Foundation\CFD .exe
----a-w			69,632 2008-02-27 22:22:30  C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon .exe
----a-w			50,792 2008-01-14 15:49:47  C:\Program Files\Common Files\AOL\Launch\AOLLaunch .exe
----a-w		   185,784 2008-02-27 22:22:31  C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w		   579,072 2008-02-22 18:58:01  C:\Program Files\Grisoft\AVG7\avgcc .exe
----a-w		   267,048 2008-02-27 22:22:36  C:\Program Files\iTunes\iTunesHelper .exe
----a-w		   454,784 2008-01-15 17:22:51  C:\Program Files\Linksys EasyLink Advisor\LinksysAgent .exe
----a-w		   286,720 2008-02-17 05:26:06  C:\Program Files\QuickTime\qttask							 .exe
----a-w		   658,944 2008-02-16 18:34:06  C:\Program Files\QuickTime\qttask						   .exe
----a-w		   658,944 2008-02-16 03:36:55  C:\Program Files\QuickTime\qttask						  .exe
----a-w		   658,944 2008-02-14 22:17:22  C:\Program Files\QuickTime\qttask						 .exe
----a-w		   658,944 2008-02-13 17:46:50  C:\Program Files\QuickTime\qttask						.exe
----a-w		   658,944 2008-02-12 15:29:02  C:\Program Files\QuickTime\qttask					   .exe
----a-w		   658,944 2008-02-12 02:28:36  C:\Program Files\QuickTime\qttask					  .exe
----a-w		   658,944 2008-02-11 15:49:40  C:\Program Files\QuickTime\qttask					 .exe
----a-w		   658,944 2008-02-10 19:29:11  C:\Program Files\QuickTime\qttask					.exe
----a-w		   658,944 2008-02-09 17:47:04  C:\Program Files\QuickTime\qttask				   .exe
----a-w		   658,944 2008-02-06 23:11:58  C:\Program Files\QuickTime\qttask				  .exe
----a-w		   658,944 2008-02-06 15:42:40  C:\Program Files\QuickTime\qttask				 .exe
----a-w		   658,944 2008-02-05 05:12:42  C:\Program Files\QuickTime\qttask				.exe
----a-w		   658,944 2008-02-04 15:36:53  C:\Program Files\QuickTime\qttask			   .exe
----a-w		   658,944 2008-02-03 18:35:37  C:\Program Files\QuickTime\qttask			  .exe
----a-w		   658,944 2008-02-02 21:16:43  C:\Program Files\QuickTime\qttask			 .exe
----a-w		   658,944 2008-02-02 17:52:46  C:\Program Files\QuickTime\qttask			.exe
----a-w		   658,944 2008-02-02 03:00:54  C:\Program Files\QuickTime\qttask		   .exe
----a-w		   658,944 2008-02-01 04:06:26  C:\Program Files\QuickTime\qttask		  .exe
----a-w		   658,944 2008-01-31 06:32:02  C:\Program Files\QuickTime\qttask		 .exe
----a-w		   658,944 2008-01-29 22:38:45  C:\Program Files\QuickTime\qttask		.exe
----a-w		   658,944 2008-01-28 01:54:13  C:\Program Files\QuickTime\qttask	   .exe
----a-w		   658,944 2008-01-26 23:36:13  C:\Program Files\QuickTime\qttask	  .exe
----a-w		   658,944 2008-01-25 15:27:41  C:\Program Files\QuickTime\qttask	 .exe
----a-w		   658,944 2008-01-24 15:47:08  C:\Program Files\QuickTime\qttask	.exe
----a-w		   658,944 2008-01-22 15:19:47  C:\Program Files\QuickTime\qttask   .exe
----a-w		   658,944 2008-01-21 17:51:06  C:\Program Files\QuickTime\qttask  .exe
----a-w		   658,944 2008-01-20 18:42:00  C:\Program Files\QuickTime\qttask .exe
----a-w		   380,928 2008-02-27 22:22:28  C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB .exe
----a-w		   755,480 2008-02-27 22:22:28  C:\Program Files\Zone Labs\ZoneAlarm\zlclient .exe
----a-w		   212,992 2008-02-11 15:49:40  C:\WINDOWS\SMINST\RECGUARD .EXE
----a-w			52,736 2008-02-24 00:51:26  C:\WINDOWS\system\hpsysdrv .exe
----a-w			13,312 2008-02-27 21:03:37  C:\WINDOWS\system32\ctfmon .exe
----a-w		   114,688 2008-02-17 19:35:46  C:\WINDOWS\system32\hkcmd .exe
----a-w			81,920 2008-02-19 02:24:28  C:\WINDOWS\system32\ps2 .exe
</pre>


-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-03-03 10:44 831557 C:\WINDOWS\system32\nview.dll]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 04:00 13312]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [ ]
"Aim6"="C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" [ ]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [ ]
"QdrModule12"="C:\Program Files\QdrModule\QdrModule12.exe" [ ]
"QdrPack12"="C:\Program Files\QdrPack\QdrPack12.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [ ]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [ ]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [ ]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-03-03 10:44 4595712]
"nwiz"="nwiz.exe" [2003-03-03 10:44 323584 C:\WINDOWS\system32\nwiz.exe]
"PS2"="C:\WINDOWS\system32\ps2.exe" [ ]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [ ]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [ ]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [ ]
"PDUiP6600DMon"="C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 12:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingA8582"="command /c del C:\WINDOWS\system32\jkklm.dll" [ ]
"SpybotDeletingC9131"="cmd /c del C:\WINDOWS\system32\jkklm.dll" [ ]
"SpybotDeletingA1334"="command /c del C:\WINDOWS\system32\jkklm.dll_old" [ ]
"SpybotDeletingC5206"="cmd /c del C:\WINDOWS\system32\jkklm.dll_old" [ ]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe [2003-04-10 03:21:36 552960]

C:\Documents and Settings\Ryan.OFFICE\Start Menu\Programs\Startup\
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe [2003-04-10 03:21:36 552960]

C:\Documents and Settings\Tara\Start Menu\Programs\Startup\
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe [2003-04-10 03:21:36 552960]

C:\Documents and Settings\Terra\Start Menu\Programs\Startup\
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe [2003-04-10 03:21:36 552960]

C:\Documents and Settings\Riley\Start Menu\Programs\Startup\
spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe [2003-04-10 03:21:36 552960]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-12-24 18:20:37 124400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awtsqrs]
awtsqrs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 02:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Yahoo!\\Messenger\\yserver.exe"=

S3 PCDRDRV;Pcdr Helper Driver;C:\PROGRA~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-27 19:09:06
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Softex\OmniPass\opxpgina.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
.
**************************************************************************
.
Completion time: 2008-02-27 19:11:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-28 03:11:48
.
2008-02-27 21:06:54 --- E O F ---
*****************************************************

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,593 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:13 PM

Posted 17 March 2008 - 03:26 PM

I apologize for the very long delay. We have a huge backlog of HijackThis Logs to handle and it has been taking us greater time than normal to get caught up. If you are still having a problem, and want us to analyze your information, please post a brand new hijackthis log. If we do not hear back from you within a couple of days we will need to close your topic.

When posting your logs please post them directly into the reply. Do not attach them.

Also make sure you have already followed the steps outlined below:

Preparation Guide For Use Before Posting A Hijackthis Log

Thank you for your patience.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users