Computer Has Virtumonde


  • This topic is locked
14 replies to this topic

#1 keebee


Posted 07 February 2008 - 07:31 PM

Hi,

We have TrendMicro OfficeScan that turns up nothing in a scan. I've tried Spybot many times and it says it is clean, only to show up again after short periods of time. Attached is the HiJackThis log file. Thanks for your help again!

Jim

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:23:09 PM, on 2/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\WINDOWS\System32\PRISMSVC.EXE
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {64375a3b-798d-913a-45b4-511a2ca45d42} - {24d54ac2-a115-4b54-a319-d897b3a57346} - C:\WINDOWS\system32\vscrscss.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {D4576C73-52BD-4401-B966-5A128C4433D4} - C:\WINDOWS\system32\ddcdcde.dll (file missing)
O2 - BHO: (no name) - {E140A39F-622A-46A4-AF6F-83855D582F08} - C:\WINDOWS\system32\sstqp.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [4ca10fde] rundll32.exe "C:\WINDOWS\system32\spcslspa.dll",b
O4 - HKLM\..\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdwareProMFC] C:\Program Files\Ad-Ware Pro\Ad-Ware Pro.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-462919654-361449859-1949372280-1163\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?
O8 - Extra context menu item: &Search - ?p=ZSzed001YYUS_ZNxmk146BWUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://encompasssrv.encompasses.local:4343...ll/WinNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://encompasssrv.encompasses.local:4343...ll/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://encompasssrv.encompasses.local:4343...stall/setup.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} - http://scanner2.malware-scan.com/setup/webinst.cab
O16 - DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} (LocalExec Control) - https://portal.cwu.edu/nps/portal/gadgets/c...t/LocalExec.CAB
O16 - DPF: {2D752DD2-5BDD-4ADA-900A-F916E5B13BA6} (CompositeView Control) - http://plso.wadnr.gov/wx/Client/IrcViewer.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://encompasssrv.encompasses.local:4343.../RemoveCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121288657499
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = EncompassES.local
O17 - HKLM\Software\..\Telephony: DomainName = EncompassES.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = EncompassES.local
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: ddcdcde - ddcdcde.dll (file missing)
O20 - Winlogon Notify: nqleqscn - nqleqscn.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\System32\PRISMSVC.EXE
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

--
End of file - 10558 bytes



#2 ken545

  • Malware Response Team

Posted 15 February 2008 - 04:05 PM

Hello keebee,

Welcome to the Bleeping Computer Malware Removal Forum, sorry about the delay, but the amount of people posting with infected computers is through the roof and sometimes we can't get to logs as fast as we would like to. If you have not resolved your issue and still need assistance, post a new HJT log please as your system may have changed since your original log.

Ken

Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

Please consider a donation to help me keep up my fight against malware.

 

Just a reminder that threads will be closed if no response in 3 days


#3 keebee


Posted 15 February 2008 - 04:56 PM

The HJT log has not changed as the computer has been turned off. Please use the previously posted log.

#4 ken545

  • Malware Response Team

Posted 15 February 2008 - 05:46 PM

Do this first, Important


Disable the TeaTimer; you can re-enable it when we're done if you wish.
  • Run Spybot-S&D in Advanced Mode.
  • If it is not already set to do this, go to the Mode menu and select "Advanced Mode"
  • On the left-hand side, click on Tools
  • Then click on the Resident icon in the list
  • Uncheck "Resident TeaTimer" and OK any prompts.
  • Restart your computer. <-- Important


C:\Program Files\Ad-Ware Pro <-- This is part of your problem, it's a rogue anti-spyware program

Run these in order please


Open HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.

O2 - BHO: {64375a3b-798d-913a-45b4-511a2ca45d42} - {24d54ac2-a115-4b54-a319-d897b3a57346} - C:\WINDOWS\system32\vscrscss.dll
O2 - BHO: (no name) - {D4576C73-52BD-4401-B966-5A128C4433D4} - C:\WINDOWS\system32\ddcdcde.dll (file missing)
O2 - BHO: (no name) - {E140A39F-622A-46A4-AF6F-83855D582F08} - C:\WINDOWS\system32\sstqp.dll (file missing)

O4 - HKLM\..\Run: [4ca10fde] rundll32.exe "C:\WINDOWS\system32\spcslspa.dll",b
O4 - HKCU\..\Run: [AdwareProMFC] C:\Program Files\Ad-Ware Pro\Ad-Ware Pro.exe

O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} - http://scanner2.malware-scan.com/setup/webinst.cab

O20 - Winlogon Notify: ddcdcde - ddcdcde.dll (file missing)
O20 - Winlogon Notify: nqleqscn - nqleqscn.dll (file missing)





Download VundoFix to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.




Please download SuperAntiSpyware
Install the program
  • Run SuperAntiSpyware and click: Check for updates
  • Once the update is finished, on the main screen, click: Scan your computer
  • Check: Perform Complete Scan
  • Click Next to start the scan.
Superantispyware scans the computer, and when finished, lists all the infections found.
Make sure everything found has a check next to it, and press: Next
Then, click Finish

It is possible that the program asks to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
  • Click: Preferences
  • Click the Statistics/Logs tab
  • Under Scanner Logs, double-click SuperAntiSpyware Scan Log
It opens in your default text editor (such as Notepad)

Please provide the SuperAntiSpyware log in your reply, as well as a new HijackThis log.




Follow the instructions exactly, make sure to save it to your desktop and disconnect your cable from the internet.

Download ComboFix from Here or Here to your Desktop.

In the event you already have Combofix, this is a new version that I need you to download.
It must be saved directly to your desktop.


1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan.
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again afterwards before connecting to the net
2. Close any open browsers and make sure you are disconnected from the net. Unplug the cable if need be before running ComboFix.
  • If you have not already done so, ComboFix will disconnect your machine from the Internet when it starts.
  • If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
3. Now double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze.


I need to see the reports from Vundofix, SAS, Combofix and a New HJT log, it most likely won't fit in one reply so take as many as you need.

Just a reminder that threads will be closed if no response in 3 days
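
Added example, not part of the original thread and not the helper's own method: a Python triage pass over an excerpt of the first HijackThis log posted above. The four heuristics and the function names `review_reasons` and `triage` are assumptions of this example; they are structural checks only and are no substitute for an analyst's review.

```python
import re

# Excerpt of the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {64375a3b-798d-913a-45b4-511a2ca45d42} - {24d54ac2-a115-4b54-a319-d897b3a57346} - C:\WINDOWS\system32\vscrscss.dll
O2 - BHO: (no name) - {D4576C73-52BD-4401-B966-5A128C4433D4} - C:\WINDOWS\system32\ddcdcde.dll (file missing)
O2 - BHO: (no name) - {E140A39F-622A-46A4-AF6F-83855D582F08} - C:\WINDOWS\system32\sstqp.dll (file missing)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [4ca10fde] rundll32.exe "C:\WINDOWS\system32\spcslspa.dll",b
O4 - HKCU\..\Run: [AdwareProMFC] C:\Program Files\Ad-Ware Pro\Ad-Ware Pro.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} - http://scanner2.malware-scan.com/setup/webinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: ddcdcde - ddcdcde.dll (file missing)
O20 - Winlogon Notify: nqleqscn - nqleqscn.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

GUID = r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}"
LINE_RE = re.compile(r"^(O\d+) - (.+)$")                       # "O4 - <body>"
BHO_RE = re.compile(rf"^BHO: (.+?) - ({GUID}) - (.+)$")        # name, CLSID, file
RUN_RE = re.compile(r"^(HK\w+)\\.*?\\Run: \[([^\]]+)\] (.+)$")  # hive, value name, command
DPF_RE = re.compile(rf"^DPF: ({GUID})(?: \((.+?)\))? - (.+)$")  # CLSID, optional class name, URL


def review_reasons(section, body):
    """Return the heuristic reasons (assumptions of this example) to review an entry."""
    reasons = []
    # HijackThis appends this marker when the registry points at a file that is gone.
    if body.endswith("(file missing)"):
        reasons.append("target file missing")
    if section == "O2":
        bho = BHO_RE.match(body)
        if bho and (bho.group(1) == "(no name)" or re.fullmatch(GUID, bho.group(1))):
            reasons.append("BHO without a descriptive name")
    elif section == "O4":
        run = RUN_RE.match(body)
        if run:
            value_name, command = run.group(2), run.group(3)
            if (re.fullmatch(r"[0-9a-fA-F]{8}", value_name)
                    and command.lower().startswith("rundll32")):
                reasons.append("rundll32 autorun with hex-like value name")
    elif section == "O16":
        dpf = DPF_RE.match(body)
        if dpf and dpf.group(2) is None:
            reasons.append("ActiveX download without a class name")
    return reasons


def triage(log_text):
    """Parse HijackThis entry lines and return (line, reasons) for entries worth a look."""
    hits = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = LINE_RE.match(line)
        if not match:
            continue  # header lines, process list, blanks
        reasons = review_reasons(match.group(1), match.group(2))
        if reasons:
            hits.append((line, reasons))
    return hits


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print("; ".join(reasons))
        print("    " + line)
```

On this excerpt the checks flag seven of the eight entries listed in post #4. The Ad-Ware Pro Run entry is not flagged, because recognising it depends on knowing the product name rather than on the shape of the entry.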


#5 keebee


Posted 18 February 2008 - 06:02 PM

Here are the logs (all 4) after following your directions. Thanks!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:50, on 2008-02-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\WINDOWS\System32\PRISMSVC.EXE
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?
O8 - Extra context menu item: &Search - ?p=ZSzed001YYUS_ZNxmk146BWUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://encompasssrv.encompasses.local:4343...ll/WinNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://encompasssrv.encompasses.local:4343...ll/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://encompasssrv.encompasses.local:4343...stall/setup.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} (LocalExec Control) - https://portal.cwu.edu/nps/portal/gadgets/c...t/LocalExec.CAB
O16 - DPF: {2D752DD2-5BDD-4ADA-900A-F916E5B13BA6} (CompositeView Control) - http://plso.wadnr.gov/wx/Client/IrcViewer.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://encompasssrv.encompasses.local:4343.../RemoveCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121288657499
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = EncompassES.local
O17 - HKLM\Software\..\Telephony: DomainName = EncompassES.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = EncompassES.local
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\System32\PRISMSVC.EXE
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

--
End of file - 9458 bytes

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/18/2008 at 01:44 PM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type : Complete Scan
Total Scan Time : 00:42:57

Memory items scanned : 401
Memory threats detected : 0
Registry items scanned : 7846
Registry threats detected : 0
File items scanned : 51271
File threats detected : 249

Adware.Tracking Cookie
C:\Documents and Settings\valerie\Cookies\valerie@advertising[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@alexanderinteractive.112.2o7[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@amsterdamprinting.122.2o7[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@anad.tacoda[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@anat.tacoda[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@angleinteractive.directtrack[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@atdmt[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@atwola[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@azjmp[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@bannerads.zwire[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@bizrate.co[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@bizrate[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@broadspancommerce.122.2o7[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@bs.serving-sys[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@casalemedia[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@cbs.112.2o7[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@citi.bridgetrack[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@clickbank[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@client.roiadtracker[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@coatrackshack[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@collective-media[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@coolsavings[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@cpvfeed[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@data1.perf.overture[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@data2.perf.overture[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@datamediator.jamestower[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@dealtime[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@directtrack[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@dminsite.112.2o7[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@e-2dj6wjlignc5ifp.stats.esomniture[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@eas.apm.emediate[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@ebsco.122.2o7[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@edge.ru4[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@ehg-autodesk.hitbox[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@ehg-dig.hitbox[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@ehg-envano.hitbox[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@ehg-foxsports.hitbox[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@ehg-harleydavidson.hitbox[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@ehg-myspaceinc.hitbox[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@ehg-newarkinone.hitbox[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@ehg-professionalequipment.hitbox[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@ehg-proflowers.hitbox[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@ehg-traderpublishing.hitbox[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@fcstats.bcentral[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@fortunecity[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@free-popular-screensavers[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@go.winantispyware[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@go.winantivirus[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@h.starware[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@hc2.humanclick[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@i.screensavers[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@iacas.adbureau[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@incredimailltd.112.2o7[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@indexstats[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@indextools[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@inteletrack[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@kanoodle[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@keywordmax[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@link.vericlick[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@livenation.122.2o7[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@login.tracking101[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@luggagepointcom.112.2o7[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@m1.webstats.motigo[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@maxserving[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@media.adfrontiers[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@media3.sitebrand[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@media6degrees[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@mediaservices.myspace[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@metacafe.122.2o7[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@microsoftwga.112.2o7[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@msnportalbeetoffice2007.112.2o7[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@mywebsearch[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@nextag[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@nintendo.112.2o7[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@optimost[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@overture[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@partner2profit[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@partners.tattomedia[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@perf.overture[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@pictage.112.2o7[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@qksrv[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@qnsr[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@realmedia[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@reduxads.valuead[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@reunioncom.112.2o7[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@revsci[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@reztrack[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@roiservice[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@rotator.adjuggler[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@sales.liveperson[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@server.iad.liveperson[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@serving-sys[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@sexiluv[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@smartcpc.advertserve[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@snapfish.112.2o7[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@spamblockerutility[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@starware[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@stat.dealtime[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@stats.manticoretechnology[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@stats1.reliablestats[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@tacoda[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@thunderbolt.adjuggler[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@track.cobrandedyellowpages[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@tracker.espsoftware[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@tracker.myspacemaps[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@tracker[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@tracking.dsmmadvantage[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@tracking.homeportfolio[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@tremor.adbureau[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@tribalfusion[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@try.screensavers[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@try.starware[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@v7.stats.load[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@winantivirus[2].txt
C:\Documents and Settings\valerie\Cookies\valerie@windowsmedia[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@wpni.112.2o7[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@www.coatrackshack[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@www.coatracks[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@www.directnetadvertising[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@www.xctrk[1].txt
C:\Documents and Settings\valerie\Cookies\valerie@xiti[1].txt

Adware.ClickSpring-Variant
C:\DOCUMENTS AND SETTINGS\VALERIE\LOCAL SETTINGS\TEMP\SDEXE.EXE
C:\DOCUMENTS AND SETTINGS\VALERIE\LOCAL SETTINGS\TEMP\TMP16F.TMP
C:\DOCUMENTS AND SETTINGS\VALERIE\LOCAL SETTINGS\TEMP\TMP1E7.TMP
C:\DOCUMENTS AND SETTINGS\VALERIE\LOCAL SETTINGS\TEMP\TMP2B.TMP
C:\DOCUMENTS AND SETTINGS\VALERIE\LOCAL SETTINGS\TEMP\TMP715.TMP
C:\DOCUMENTS AND SETTINGS\VALERIE\LOCAL SETTINGS\TEMP\TMPDE6.TMP
C:\DOCUMENTS AND SETTINGS\VALERIE\LOCAL SETTINGS\TEMP\TMPFF.TMP
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAFBBE38-C467-4DD5-8BA0-53F68040FE9C}\RP910\A0228371.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAFBBE38-C467-4DD5-8BA0-53F68040FE9C}\RP910\A0228397.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAFBBE38-C467-4DD5-8BA0-53F68040FE9C}\RP911\A0228478.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAFBBE38-C467-4DD5-8BA0-53F68040FE9C}\RP911\A0229395.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAFBBE38-C467-4DD5-8BA0-53F68040FE9C}\RP911\A0229426.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAFBBE38-C467-4DD5-8BA0-53F68040FE9C}\RP911\A0229466.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAFBBE38-C467-4DD5-8BA0-53F68040FE9C}\RP912\A0230467.EXE

Trojan.ZenoSearch
C:\DOCUMENTS AND SETTINGS\VALERIE\LOCAL SETTINGS\TEMP\TMP1602.TMP
C:\WINDOWS\SYSTEM32\PWINMLDS.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAFBBE38-C467-4DD5-8BA0-53F68040FE9C}\RP817\A0065983.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAFBBE38-C467-4DD5-8BA0-53F68040FE9C}\RP818\A0066055.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAFBBE38-C467-4DD5-8BA0-53F68040FE9C}\RP818\A0066113.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAFBBE38-C467-4DD5-8BA0-53F68040FE9C}\RP819\A0066126.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAFBBE38-C467-4DD5-8BA0-53F68040FE9C}\RP820\A0066170.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAFBBE38-C467-4DD5-8BA0-53F68040FE9C}\RP821\A0066172.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAFBBE38-C467-4DD5-8BA0-53F68040FE9C}\RP822\A0066182.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAFBBE38-C467-4DD5-8BA0-53F68040FE9C}\RP822\A0066199.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAFBBE38-C467-4DD5-8BA0-53F68040FE9C}\RP823\A0067199.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAFBBE38-C467-4DD5-8BA0-53F68040FE9C}\RP824\A0067300.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAFBBE38-C467-4DD5-8BA0-53F68040FE9C}\RP825\A0067392.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAFBBE38-C467-4DD5-8BA0-53F68040FE9C}\RP826\A0067508.LNK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAFBBE38-C467-4DD5-8BA0-53F68040FE9C}\RP909\A0228365.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAFBBE38-C467-4DD5-8BA0-53F68040FE9C}\RP910\A0228382.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAFBBE38-C467-4DD5-8BA0-53F68040FE9C}\RP910\A0228407.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAFBBE38-C467-4DD5-8BA0-53F68040FE9C}\RP911\A0228487.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAFBBE38-C467-4DD5-8BA0-53F68040FE9C}\RP911\A0229405.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAFBBE38-C467-4DD5-8BA0-53F68040FE9C}\RP911\A0229436.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAFBBE38-C467-4DD5-8BA0-53F68040FE9C}\RP911\A0229476.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAFBBE38-C467-4DD5-8BA0-53F68040FE9C}\RP912\A0230477.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAFBBE38-C467-4DD5-8BA0-53F68040FE9C}\RP912\A0230519.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAFBBE38-C467-4DD5-8BA0-53F68040FE9C}\RP912\A0231519.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAFBBE38-C467-4DD5-8BA0-53F68040FE9C}\RP917\A0232532.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAFBBE38-C467-4DD5-8BA0-53F68040FE9C}\RP917\A0233529.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{AAFBBE38-C467-4DD5-8BA0-53F68040FE9C}\RP921\A0233623.EXE
C:\WINDOWS\SYSTEM32\PWINMLDT.EXE

Trace.Known Threat Sources
C:\Documents and Settings\valerie\Local Settings\Temporary Internet Files\Content.IE5\OV4TK3OD\favicon[1].ico
C:\Documents and Settings\valerie\Local Settings\Temporary Internet Files\Content.IE5\72IY8RH6\08e5626e1b84ac1aec80dc870a7411e3[1].zip
C:\Documents and Settings\valerie\Local Settings\Temporary Internet Files\Content.IE5\SDQN89MR\rd-fakeout2-720x300[1].gif
C:\Documents and Settings\valerie\Local Settings\Temporary Internet Files\Content.IE5\MBCOIVGY\ack[1].htm
C:\Documents and Settings\valerie\Local Settings\Temporary Internet Files\Content.IE5\72IY8RH6\ack[1].htm



VundoFix V6.7.8

Checking Java version...

Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 12:39:21 PM 2/18/2008

Listing files found while scanning....

No infected files were found.


Beginning removal...


ComboFix 08-02-18.1 - Valerie 2008-02-18 14:28:02.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.661 [GMT -8:00]
Running from: C:\Documents and Settings\valerie\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\Abbr
C:\Documents and Settings\All Users\Application Data\WinAntiSpyware 2007\Data\ProductCode
C:\Documents and Settings\valerie\My Documents\MANTEC~1
C:\Program Files\Temporary
C:\WINDOWS\b122.exe
C:\WINDOWS\b143.exe
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\system32\apslscps.ini
C:\WINDOWS\system32\dobe~1
C:\WINDOWS\system32\epgejxbv.dll
C:\WINDOWS\system32\gpooshyj.dll
C:\WINDOWS\system32\henqhaae.dll
C:\WINDOWS\system32\hpbsljgv.ini
C:\WINDOWS\system32\icroso~1
C:\WINDOWS\system32\isnypsaq.ini
C:\WINDOWS\system32\kqocpbbe.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mqukrtvt.ini
C:\WINDOWS\system32\nklcxqhs.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pqtss.ini
C:\WINDOWS\system32\pqtss.ini2
C:\WINDOWS\system32\rrcokcsf.dll
C:\WINDOWS\system32\shqxclkn.dll
C:\WINDOWS\system32\spcslspa.dll
C:\WINDOWS\system32\xjosjnbv.dll
C:\WINDOWS\system32\ylemwxyg.dll
C:\WINDOWS\system32\zxdnt3d.cfg

.
((((((((((((((((((((((((( Files Created from 2008-01-18 to 2008-02-18 )))))))))))))))))))))))))))))))
.

2008-02-18 13:00 . 2008-02-18 14:25 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-18 13:00 . 2008-02-18 13:00 <DIR> d-------- C:\Documents and Settings\valerie\Application Data\SUPERAntiSpyware.com
2008-02-18 13:00 . 2008-02-18 13:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-18 12:39 . 2008-02-18 12:39 <DIR> d-------- C:\VundoFix Backups
2008-01-23 13:30 . 2008-01-23 15:58 652 --a------ C:\WINDOWS\wininit.ini
2008-01-23 12:35 . 2008-01-23 12:35 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-01-23 12:35 . 2008-01-23 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-23 10:17 . 2008-01-23 10:17 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-23 10:17 . 2008-02-18 13:00 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-23 10:10 . 2007-06-20 11:09 42,792 --a------ C:\WINDOWS\system32\gotomon.dll
2008-01-23 09:59 . 2008-01-23 10:57 <DIR> d-------- C:\Program Files\Dot1XCfg
2008-01-18 14:50 . 2008-01-18 14:50 <DIR> d-------- C:\Documents and Settings\valerie\Application Data\AdwareAlert
2008-01-18 14:33 . 2008-01-18 14:33 <DIR> d-------- C:\WINDOWS\Ad-Ware Pro
2008-01-18 14:19 . 2008-01-23 10:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-07 23:22 --------- d-----w C:\Program Files\Trend Micro
2008-01-30 21:58 --------- d-----w C:\Documents and Settings\valerie\Application Data\AdobeUM
2008-01-23 19:02 --------- d-----w C:\Program Files\QuickTime
2008-01-23 19:02 --------- d-----w C:\Program Files\iTunes
2008-01-17 17:51 --------- d-----w C:\Program Files\DYMO Label
2008-01-15 23:10 36,864 ----a-w C:\WINDOWS\17PHolmes572.exe
2008-01-15 23:02 36,864 ----a-w C:\WINDOWS\mrofinu572.exe.tmp
2007-10-29 18:03 3,902,784 ----a-w C:\Documents and Settings\valerie\gosetup.exe
1997-07-22 02:30 1,045,776 --sha-w C:\WINDOWS\system32\Msjet35.dll
1997-06-23 10:00 123,664 --sha-w C:\WINDOWS\system32\Msjint35.dll
1997-06-23 19:06 24,848 --sha-w C:\WINDOWS\system32\Msjter35.dll
1997-06-23 19:06 252,176 --sha-w C:\WINDOWS\system32\Msrd2x35.dll
1997-06-23 19:06 287,504 --sha-w C:\WINDOWS\system32\Msxbse35.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-23 11:02 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-01-23 11:02 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-23 11:07 68856]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis True Image Monitor"="C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe" [2008-01-23 11:03 423258]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-01-23 11:06 90112]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2008-01-23 11:06 1404928]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2008-01-23 11:06 344064]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [2008-01-23 11:49 303104]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 16:20 339968 C:\WINDOWS\stsystra.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-23 11:06 132496]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-23 11:06 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-23 11:48 282624]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-23 11:06 1838592]
"GoToMyPC"="C:\Program Files\Citrix\GoToMyPC\g2svc.exe" [2008-01-23 11:03 258856]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 20:37:56 217194]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06 29696]
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 05:18:22 10872]
Wireless USB 2.0 WLAN Card Utility.lnk - C:\Program Files\Dell Wireless\PRISMCFG.exe [2005-07-08 13:05:18 925803]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll 2007-06-20 11:09 10536 C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMGNA.DLL]
PRISMGNA.DLL 2004-12-08 11:41 229465 C:\WINDOWS\system32\PRISMGNA.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^valerie^Start Menu^Programs^Startup^TA_Start.lnk]
path=C:\Documents and Settings\valerie\Start Menu\Programs\Startup\TA_Start.lnk
backup=C:\WINDOWS\pss\TA_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\sstqp.exe

R2 PRISMSVC;PRISMSVC;C:\WINDOWS\System32\PRISMSVC.EXE [2004-12-08 11:39]
S3 USA19H;USA19H;C:\WINDOWS\system32\DRIVERS\USA19H2k.sys [2003-06-24 19:30]
S3 USA19H2KP;Keyspan USB Serial Port Driver;C:\WINDOWS\system32\DRIVERS\USA19H2kp.SYS [2003-06-24 19:21]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-08 11:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert.ex
- C:\Program Files\AdwareAlert
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 14:45:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"Acronis True Image Monitor"="\"C:\\Program Files\\Acronis\\TrueImage\\TrueImageMonitor.exe\""
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-02-18 14:48:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-18 22:48:10
.
2008-01-14 21:37:53 --- E O F ---

#6 ken545

Malware Response Team

Posted 18 February 2008 - 07:00 PM

Keebee,

Things are looking better, let's do this.

Please download OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\17PHolmes572.exe
    C:\WINDOWS\mrofinu572.exe.tmp
    C:\WINDOWS\system32\sstqp.exe

  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.





Download CCleaner from here to clean temp files from your computer.
  • Double click on the file to start the installation of the program.
  • Select your language and click OK, then next.
  • Read the license agreement and click I Agree.
  • Click next to use the default install location. Click Install then finish to complete installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
  • If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
  • Click on the "Options" icon at the left side of the window, then click on "Advanced."
    Deselect "Only delete files in Windows Temp folders older than 48 hours."
  • Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
  • Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
  • After CCleaner has completed its process, click Exit.
*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, back it up or move it to a permanent folder prior to running CCleaner!
**Note** Go to Options > Cookies and move any you want to keep to the Keep window.



Post the OTMoveIt log and let me know how your system is running now.

Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

Please consider a donation to help me keep up my fight against malware.

 

Just a reminder that threads will be closed if no response in 3 days
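
One way to cross-check a ComboFix log like the one above for files that survived its automatic deletions, as an added example (not part of the thread, and not how ComboFix or OTMoveIt work internally). The two matching rules and all function names are assumptions of this example; the embedded lines are an excerpt of the log posted above.

```python
import ntpath
import re

# Excerpt of the ComboFix log posted in this thread (not the full log).
COMBOFIX_EXCERPT = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\b122.exe
C:\WINDOWS\b143.exe
C:\WINDOWS\mrofinu572.exe
C:\WINDOWS\system32\epgejxbv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-23 19:02 --------- d-----w C:\Program Files\iTunes
2008-01-15 23:10 36,864 ----a-w C:\WINDOWS\17PHolmes572.exe
2008-01-15 23:02 36,864 ----a-w C:\WINDOWS\mrofinu572.exe.tmp
2007-10-29 18:03 3,902,784 ----a-w C:\Documents and Settings\valerie\gosetup.exe
1997-06-23 19:06 24,848 --sha-w C:\WINDOWS\system32\Msjter35.dll
1997-06-23 19:06 252,176 --sha-w C:\WINDOWS\system32\Msrd2x35.dll
.
"""

# Section banners look like "((((( Title )))))".
SECTION_RE = re.compile(r"^\({5,}\s*(.+?)\s*\){5,}\s*$")
# Find3M file rows: date, time, size, attributes, path.
FIND3M_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} (?P<size>[\d,]+) \S+ (?P<path>.+)$"
)


def split_sections(log_text):
    """Map each banner title to the non-empty lines that follow it."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = sections.setdefault(banner.group(1), [])
        elif current is not None and line and line != ".":
            current.append(line)
    return sections


def parse_find3m(lines):
    """Return file rows only; directory rows carry dashes instead of a size."""
    entries = []
    for line in lines:
        m = FIND3M_RE.match(line)
        if m:
            entries.append({
                "date": m.group("date"),
                "size": int(m.group("size").replace(",", "")),
                "path": m.group("path"),
            })
    return entries


def find_leftovers(log_text):
    """Return {path: reason} for files worth a manual look (not a verdict)."""
    sections = split_sections(log_text)
    deleted = {p.lower() for p in sections.get("Other Deletions", [])}
    recent = parse_find3m(sections.get("Find3M Report", []))

    flagged = {}
    # Rule 1 (assumption): a surviving file named <deleted path>.<suffix>.
    for entry in recent:
        low = entry["path"].lower()
        if any(low.startswith(d + ".") for d in deleted):
            flagged[entry["path"]] = "name extends a deleted file"

    # Rule 2 (assumption): same folder, size and date as a rule 1 hit.
    seeds = [e for e in recent if e["path"] in flagged]
    for entry in recent:
        if entry["path"] in flagged:
            continue
        for seed in seeds:
            same_dir = (ntpath.dirname(entry["path"]).lower()
                        == ntpath.dirname(seed["path"]).lower())
            if same_dir and entry["size"] == seed["size"] \
                    and entry["date"] == seed["date"]:
                flagged[entry["path"]] = (
                    "same folder, size and date as " + ntpath.basename(seed["path"]))
                break
    return flagged


if __name__ == "__main__":
    for path, reason in find_leftovers(COMBOFIX_EXCERPT).items():
        print(f"{path}: {reason}")
```

A hit only marks a file for manual review; the third path in the list above comes from a different part of the log (a disabled msconfig startup entry) and is outside what this example checks.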


#7 keebee

Topic Starter

Posted 18 February 2008 - 08:09 PM

Below is the OTMoveIt log. Today is the first time I've allowed this computer on the network in a couple of weeks. It appears to be running quite well. No popups and no viruses identified by OfficeScan. Do you think you've healed it? Thanks as always.


c:\windows\17PHolmes572.exe moved successfully.
c:\windows\mrofinu572.exe.tmp moved successfully.
File/Folder c:\windows\system32\sstqp.exe not found.

OTMoveIt2 v1.0.20 log created on 02182008_165544

#8 ken545

Malware Response Team

Posted 18 February 2008 - 08:29 PM

keebee,

Glad things are running better :thumbsup:

What I would like you to do is to run the free online virus scanner from Kaspersky and post the log; if we missed something, this will find it. If the report comes back and says no viruses found, then don't bother to post the log. Then what I would do is to use the computer for a few days and, to be on the safe side, post a new HJT log and let's make sure nothing has returned.

Run this free online scan using Internet Explorer:
Kaspersky Online Virus Scanner

Next, click on Launch Kaspersky Online Scanner.

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Standard
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK.
  • Now under "select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
Post the log along with a New HJT Log into your next reply.



#9 keebee

Topic Starter

Posted 20 February 2008 - 01:04 PM

Here are the results of Kaspersky and HijackThis. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:02, on 2008-02-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\WINDOWS\System32\PRISMSVC.EXE
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Dell Wireless\PRISMCFG.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Wireless USB 2.0 WLAN Card Utility.lnk = ?
O8 - Extra context menu item: &Search - ?p=ZSzed001YYUS_ZNxmk146BWUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://encompasssrv.encompasses.local:4343...ll/WinNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://encompasssrv.encompasses.local:4343...ll/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://encompasssrv.encompasses.local:4343...stall/setup.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} (LocalExec Control) - https://portal.cwu.edu/nps/portal/gadgets/c...t/LocalExec.CAB
O16 - DPF: {2D752DD2-5BDD-4ADA-900A-F916E5B13BA6} (CompositeView Control) - http://plso.wadnr.gov/wx/Client/IrcViewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://encompasssrv.encompasses.local:4343.../RemoveCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1121288657499
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = EncompassES.local
O17 - HKLM\Software\..\Telephony: DomainName = EncompassES.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = EncompassES.local
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\System32\PRISMSVC.EXE
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

--
End of file - 10538 bytes


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2008-02-20 08:06
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/02/2008
Kaspersky Anti-Virus database records: 530599
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
H:\
J:\
P:\
R:\
S:\
T:\
U:\

Scan Statistics:
Total number of scanned objects: 232959
Number of viruses found: 7
Number of infected objects: 188
Number of suspicious objects: 0
Duration of the scan process: 02:21:14

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\190434c278b8bfd4b927d2f33f67e9e4_3d475f5c-3d82-4f21-9619-9fbbf5b7560a Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\34ba921405a32796630868b335622f6b_3d475f5c-3d82-4f21-9619-9fbbf5b7560a Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7f908717b605578e516547ae165a8c3a_3d475f5c-3d82-4f21-9619-9fbbf5b7560a Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\846db4809ae5507144d5b9180a8da38b_3d475f5c-3d82-4f21-9619-9fbbf5b7560a Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8fd4ae70b9da40c861e366bf3d2118bd_3d475f5c-3d82-4f21-9619-9fbbf5b7560a Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c89b5db50bf04bf20bff37346fb30547_3d475f5c-3d82-4f21-9619-9fbbf5b7560a Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e2ccb3bd3ec32b4c9be02ebc316c1af6_3d475f5c-3d82-4f21-9619-9fbbf5b7560a Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f265de8ab29dc857676eca40b308d4ef_3d475f5c-3d82-4f21-9619-9fbbf5b7560a Object is locked skipped
C:\Documents and Settings\All Users\Documents\DYMO Label\Address Books\Encompass contacts.dal Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\valerie\Application Data\Microsoft\Outlook\Outlook.NK2 Object is locked skipped
C:\Documents and Settings\valerie\Application Data\Microsoft\Outlook\Outlook.srs Object is locked skipped
C:\Documents and Settings\valerie\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
C:\Documents and Settings\valerie\Application Data\Microsoft\Word\AutoRecovery save of Normal.as$ Object is locked skipped
C:\Documents and Settings\valerie\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\valerie\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Application Data\ApplicationHistory\Customer Information Retrieval.exe.64777df8.ini.inuse Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Application Data\Google\Google Desktop Search\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Application Data\Google\Google Desktop Search\dbdam Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Application Data\Google\Google Desktop Search\dbdao Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Application Data\Google\Google Desktop Search\dbeam Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Application Data\Google\Google Desktop Search\dbeao Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Application Data\Google\Google Desktop Search\dbm Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Application Data\Google\Google Desktop Search\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Application Data\Google\Google Desktop Search\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Application Data\Google\Google Desktop Search\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Application Data\Google\Google Desktop Search\fii.cf1 Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Application Data\Google\Google Desktop Search\fiih.ht1 Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Application Data\Google\Google Desktop Search\hp Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Application Data\Google\Google Desktop Search\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Application Data\Google\Google Desktop Search\rpm.cf1 Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Application Data\Google\Google Desktop Search\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-enchashm.cf1 Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-urlm.cf1 Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-black-urlmh.ht1 Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-malware-domainm.cf1 Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-white-domainm.cf1 Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Application Data\Google\Google Desktop Search\safeweb\goog-white-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Application Data\Microsoft\Outlook\archive.pst Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\History\History.IE5\MSHist012008021920080220\index.dat Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Temp\cpe{95C4CB41-1368-4F92-A70A-A9737786DD21}.tmp Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Temp\cpe{AD2E4DAE-6392-421D-B17F-109FF844F2A8}.tmp Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Temp\ExchangePerflog_8484fa31e3cef651cfcccd43.dat Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Temp\JET33B0.tmp Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Temp\JET53F0.tmp Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Temp\JET9DBF.tmp Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Temp\JETFE2F.tmp Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Temp\~DF156B.tmp Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Temp\~DF21A5.tmp Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Temp\~DF2730.tmp Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Temp\~DF4363.tmp Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Temp\~DF5773.tmp Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Temp\~DFACD4.tmp Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Temp\~DFB4E.tmp Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Temp\~DFD92C.tmp Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Temp\~WRD0001.doc Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Temp\~WRF0000.tmp Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Temp\~WRS0004.tmp Object is locked skipped
C:\Documents and Settings\valerie\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\valerie\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\valerie\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Citrix\GoToMyPC\g2host.log Object is locked skipped
C:\Program Files\Citrix\GoToMyPC\g2svc.log Object is locked skipped
C:\Program Files\Microsoft Office\OFFICE11\STARTUP\AddrFixr.dot Object is locked skipped
C:\Program Files\Microsoft Office\OFFICE11\STARTUP\Dymo LabelWriter Add-In.dot Object is locked skipped
C:\Program Files\Microsoft Office\OFFICE11\STARTUP\PDFMaker.dot Object is locked skipped
C:\Program Files\Microsoft Office\OFFICE11\XLSTART\PDFMaker.xla Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\A0228371.RB0 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\A0228382.RB0 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\A0228386.RB0 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\A0228407.RB0 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\A0228410.RB0 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\Ad-Ware Pro.RB0 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\Ad-Ware Pro.RB1 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\AdwareAlert.RB0 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\AdwareAlert.RB1 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\ATIPTAXX.RB0 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\ATIPTAXX.RB1 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\ATIPTAXX.RB2 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\atiptaxx.RB3 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\atiptaxx.RB4 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\atiptaxx.RB5 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\atiptaxx.RB6 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\atiptaxx.RB7 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\atiptaxx.RB8 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\atiptaxx.RB9 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\ctfmon.RB0 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\ctfmon.RB1 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\CTFMON.RB2 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\ctfmon.RB3 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\ctfmon.RB4 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\ctfmon.RB5 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\CTFMON.RB6 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\CTFMON.RB7 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\ctfmon.RB8 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\ctfmon.RB9 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\Dot1XCfg.RB0 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\g2svc.RB0 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\g2svc.RB1 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\G2SVC.RB2 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\g2svc.RB3 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\G2SVC.RB4 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\G2SVC.RB5 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\g2svc.RB6 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\GOOGLEDESKTOP.RB0 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\GOOGLEDESKTOP.RB1 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\GOOGLEDESKTOP.RB2 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\GOOGLEDESKTOP.RB3 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\GOOGLEDESKTOP.RB4 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\GOOGLEDESKTOP.RB5 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\GOOGLEDESKTOP.RB6 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\GOOGLEDESKTOP.RB7 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\GOOGLEDESKTOP.RB8 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\GoogleDesktop.RB9 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\GOOGLETOOLBARNOTIFIER.RB0 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\GOOGLETOOLBARNOTIFIER.RB1 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\GoogleToolbarNotifier.RB2 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\GOOGLETOOLBARNOTIFIER.RB3 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\GOOGLETOOLBARNOTIFIER.RB4 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\GOOGLETOOLBARNOTIFIER.RB5 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\GOOGLETOOLBARNOTIFIER.RB6 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\GOOGLETOOLBARNOTIFIER.RB7 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\GOOGLETOOLBARNOTIFIER.RB8 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\GoogleToolbarNotifier.RB9 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\iTunesHelper.RB0 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\ITUNESHELPER.RB1 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\ITUNESHELPER.RB2 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\iTunesHelper.RB3 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\ITUNESHELPER.RB4 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\iTunesHelper.RB5 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\ITUNESHELPER.RB6 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\ITUNESHELPER.RB7 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\ITUNESHELPER.RB8 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\iTunesHelper.RB9 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\JUSCHED.RB0 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\JUSCHED.RB1 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\JUSCHED.RB2 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\JUSCHED.RB3 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\JUSCHED.RB4 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\JUSCHED.RB5 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\JUSCHED.RB6 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\JUSCHED.RB7 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\JUSCHED.RB8 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\jusched.RB9 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\kldsrngn.RB0 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\kldsrngn.RB1 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\kldsrngn.RB2 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\kldsrngn.RB3 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\kldsrngn.RB4 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\kldsrngn.RB5 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\kldsrngn.RB6 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\kldsrngn.RB7 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\kldsrngn.RB8 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\kldsrngn.RB9 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\mrofinu572.RB0 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\MROFINU572.RB1 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\MROFINU572.RB2 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\MROFINU572.RB3 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\MROFINU572.RB4 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\MROFINU572.RB5 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\MROFINU572.RB6 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\mrofinu572.RB7 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\MROFINU572.RB8 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\MROFINU572.RB9 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\msmsgs.RB0 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\MSMSGS.RB1 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\msmsgs.RB2 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\msmsgs.RB3 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\msmsgs.RB4 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\MSMSGS.RB5 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\MSMSGS.RB6 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\msmsgs.RB7 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\msmsgs.RB8 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\msmsgs.RB9 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\PCCNTMON.RB0 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\PccNTMon.RB1 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\pccntmon.RB2 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\PCCNTMON.RB3 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\PCCNTMON.RB4 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\PCCNTMON.RB5 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\PCCNTMON.RB6 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\PCCNTMON.RB7 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\PCCNTMON.RB8 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\PccNTMon.RB9 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\pwinmldq.RB0 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\PWINMLDQ.RB1 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\PWINMLDQ.RB2 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\pwinmldq.RB3 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\pwinmldq.RB4 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\pwinmldq.RB5 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\pwinmldq.RB6 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\pwinmldq.RB7 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\pwinmldq.RB8 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\PWINMLDQ.RB9 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\QTTASK.RB0 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\QTTASK.RB1 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\qttask.RB2 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\qttask.RB3 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\QTTASK.RB4 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\QTTASK.RB5 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\QTTASK.RB6 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\QTTASK.RB7 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\QTTASK.RB8 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\qttask.RB9 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\SCHEDHLP.RB0 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\SCHEDHLP.RB1 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\SCHEDHLP.RB2 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\SCHEDHLP.RB3 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\SCHEDHLP.RB4 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\SCHEDHLP.RB5 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\SCHEDHLP.RB6 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\SCHEDHLP.RB7 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\SCHEDHLP.RB8 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\schedhlp.RB9 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\SMAX4PNP.RB0 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\SMAX4PNP.RB1 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\SMAX4PNP.RB2 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\SMAX4PNP.RB3 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\SMAX4PNP.RB4 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\SMAX4PNP.RB5 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\SMAX4PNP.RB6 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\SMAX4PNP.RB7 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\SMAX4PNP.RB8 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\smax4pnp.RB9 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\TASKMGR.RB0 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\TASKMGR.RB1 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\taskmgr.RB2 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\TASKMGR.RB3 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\TASKMGR.RB4 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\TASKMGR.RB5 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\TASKMGR.RB6 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\TASKMGR.RB7 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\TASKMGR.RB8 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\taskmgr.RB9 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\TRUEIMAGEMONITOR.RB0 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\TrueImageMonitor.RB1 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\TrueImageMonitor.RB2 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\TrueImageMonitor.RB3 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\TrueImageMonitor.RB4 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\TRUEIMAGEMONITOR.RB5 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\TrueImageMonitor.RB6 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\TRUEIMAGEMONITOR.RB7 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\TRUEIMAGEMONITOR.RB8 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\TRUEIMAGEMONITOR.RB9 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\Words.RB0 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\Words.RB1 Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{AAFBBE38-C467-4DD5-8BA0-53F68040FE9C}\RP910\A0228412.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{AAFBBE38-C467-4DD5-8BA0-53F68040FE9C}\RP910\A0228413.exe Infected: Trojan-Downloader.Win32.VB.caw skipped
C:\System Volume Information\_restore{AAFBBE38-C467-4DD5-8BA0-53F68040FE9C}\RP910\A0228414.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{AAFBBE38-C467-4DD5-8BA0-53F68040FE9C}\RP912\A0230498.exe Infected: Trojan.Win32.Scapur.k skipped
C:\System Volume Information\_restore{AAFBBE38-C467-4DD5-8BA0-53F68040FE9C}\RP921\A0233707.exe Infected: Trojan-Downloader.Win32.Adload.pr skipped
C:\System Volume Information\_restore{AAFBBE38-C467-4DD5-8BA0-53F68040FE9C}\RP921\A0233708.exe Infected: Trojan-Downloader.Win32.Agent.haq skipped
C:\System Volume Information\_restore{AAFBBE38-C467-4DD5-8BA0-53F68040FE9C}\RP921\A0233709.exe Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\_restore{AAFBBE38-C467-4DD5-8BA0-53F68040FE9C}\RP927\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\cmdevtgprov.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\evtgprov.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\Netlogon.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\webinst.dll Infected: Trojan-Downloader.Win32.Adload.pi skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\gotomon.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_7a4.dat Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_7a8.dat Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\_OTMoveIt\MovedFiles\02182008_165544\windows\mrofinu572.exe.tmp Infected: Trojan-Downloader.Win32.Agent.hql skipped
H:\Timesheets\Mark\Mark Northcott 02-18-2008.xls Object is locked skipped
H:\Timesheets\Dave\DAVID P. NELSON.xls Object is locked skipped
H:\Timesheets\Trevin Roletto 02-18-2008.xls Object is locked skipped
J:\08\08013\Surveying\08013Plat.dwl Object is locked skipped
J:\08\08013\Surveying\08013Plat_LOTLINES.dwl Object is locked skipped
J:\08\08013\Surveying\08013Plat_LOTLINES.dwg Object is locked skipped
J:\08\08008\Surveying\08008PBCP.dwg Object is locked skipped
J:\08\08008\Surveying\08008PBCP.dwl Object is locked skipped
J:\08\08004\08004.dwg Object is locked skipped
J:\07\07275\Survey\07275FP.dwg Object is locked skipped
J:\07\07275\Survey\07275FP.dwl Object is locked skipped
J:\07\07216\Engineering\Plan Sheets\SHEET 1-COVER.dwg Object is locked skipped
J:\07\07216\Engineering\Plan Sheets\SHEET 2-G&D.dwl Object is locked skipped
J:\07\07216\Engineering\Plan Sheets\SHEET 2-G&D.dwg Object is locked skipped
J:\07\07216\Engineering\Plan Sheets\SHEET 1-COVER.dwl Object is locked skipped
J:\07\07127\07127 (01-29-2008).dwl Object is locked skipped
J:\07\07127\07127 (01-29-2008).dwg Object is locked skipped
J:\05\05502\05502_S.11 & S.14\05502_S-11&14-20-13.dwl Object is locked skipped
J:\05\05502\05502_S.11 & S.14\05502_S-11&14-20-13.dwg Object is locked skipped
P:\Land Projects 2004\07\07127\LongFileNameSystem.mdb Object is locked skipped
P:\Land Projects 2004\07\07127\align\Alignment.mdb Object is locked skipped
P:\Land Projects 2004\07\07127\align\Alignment.ldb Object is locked skipped
P:\Land Projects 2004\07\07127\LongFileNameSystem.ldb Object is locked skipped
P:\Land Projects 2006\08\08013\LongFileNameSystem.mdb Object is locked skipped
P:\Land Projects 2006\08\08013\cogo\points.mdb Object is locked skipped
P:\Land Projects 2006\08\08013\cogo\XDRefs.mdb Object is locked skipped
P:\Land Projects 2006\08\08013\cogo\DescKey\DEFAULT.mdb Object is locked skipped
P:\Land Projects 2006\08\08013\cogo\DescKey\DEFAULT.ldb Object is locked skipped
P:\Land Projects 2006\08\08013\cogo\XDRefs.ldb Object is locked skipped
P:\Land Projects 2006\08\08013\cogo\points.ldb Object is locked skipped
P:\Land Projects 2006\08\08013\align\Alignment.mdb Object is locked skipped
P:\Land Projects 2006\08\08013\align\Alignment.ldb Object is locked skipped
P:\Land Projects 2006\08\08013\LongFileNameSystem.ldb Object is locked skipped
P:\Land Projects 2006\08\08008\LongFileNameSystem.mdb Object is locked skipped
P:\Land Projects 2006\08\08008\align\Alignment.mdb Object is locked skipped
P:\Land Projects 2006\08\08008\align\Alignment.ldb Object is locked skipped
P:\Land Projects 2006\08\08008\LongFileNameSystem.ldb Object is locked skipped
P:\Land Projects 2006\08\08004\LongFileNameSystem.mdb Object is locked skipped
P:\Land Projects 2006\08\08004\cogo\points.mdb Object is locked skipped
P:\Land Projects 2006\08\08004\cogo\XDRefs.mdb Object is locked skipped
P:\Land Projects 2006\08\08004\cogo\DescKey\DEFAULT.mdb Object is locked skipped
P:\Land Projects 2006\08\08004\cogo\DescKey\DEFAULT.ldb Object is locked skipped
P:\Land Projects 2006\08\08004\cogo\XDRefs.ldb Object is locked skipped
P:\Land Projects 2006\08\08004\cogo\points.ldb Object is locked skipped
P:\Land Projects 2006\08\08004\align\Alignment.mdb Object is locked skipped
P:\Land Projects 2006\08\08004\align\Alignment.ldb Object is locked skipped
P:\Land Projects 2006\08\08004\LongFileNameSystem.ldb Object is locked skipped
P:\Land Projects 2006\07\07216\LongFileNameSystem.mdb Object is locked skipped
P:\Land Projects 2006\07\07216\align\Alignment.mdb Object is locked skipped
P:\Land Projects 2006\07\07216\align\Alignment.ldb Object is locked skipped
P:\Land Projects 2006\07\07216\LongFileNameSystem.ldb Object is locked skipped
P:\Land Projects 2006\05\05502-S11-14\LongFileNameSystem.mdb Object is locked skipped
P:\Land Projects 2006\05\05502-S11-14\align\Alignment.mdb Object is locked skipped
P:\Land Projects 2006\05\05502-S11-14\align\Alignment.ldb Object is locked skipped
P:\Land Projects 2006\05\05502-S11-14\LongFileNameSystem.ldb Object is locked skipped

Scan process completed.

#10 ken545

    Malware Response Team
Posted 21 February 2008 - 03:19 AM

Keebee, :thumbsup:

C:\Program Files\Trend Micro\OfficeScan Client\Backup
What Kaspersky has found are a ton of bad files in the backup folder. You can delete them all safely, but not the backup folder itself.


===========================================

C:\System Volume Information\_restore
What it also found were bad files in your System Restore program, and you can reinfect yourself if you use that program to revert your system to an earlier date for any reason, so here are instructions to flush it out. I can't emphasize enough how important it is to Create a new Restore Point.

System Restore makes regular backups of all your settings. If you ever had to use this program to restore your system to a previous date, you would be infected all over again, so we need to clean out the previous Restore Points.

Turn off System Restore.
  • Right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore on all Drives.
  • Click Apply, and then click OK.

Reboot your computer


Turn ON System Restore.
  • Right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore on all Drives.
  • Click Apply, and then click OK.

Create a new Restore Point <-- Very Important
  • Go to Start/ Control Panel/ Performance and Maintenance/ System Restore/ Create a New Restore Point
    You need to go into the Control Panel and switch to Category View to be able to Create a New Restore Point
System Restore Tutorial <-- If you need it

=========================================
C:\_OTMoveIt
You also have the bad files we removed with OtMoveIt; this program will remove that folder and clean you up also. Do not run CleanUp on OtMoveIt.


  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

  • When shown the disclaimer, Select "2"
The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.
==============================================


C:\WINDOWS\Downloaded Program Files\webinst.dll
This file is iffy, let's make sure it's not bad before we delete it.



We need to make sure all hidden files are showing :
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide file extensions for known types option.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
Once your system is clean, we suggest that you reverse this to keep critical Windows files from accidentally being deleted.


Go to VirusTotal and submit this file for analysis. Just use the browse feature and then Upload; you will get a report back. Post the report into this thread for me to see.
C:\WINDOWS\Downloaded Program Files\webinst.dll


Just let me see the VirusTotal report, your Hijackthis log is fine :blink:

Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

Please consider a donation to help me keep up my fight against malware.

Just a reminder that threads will be closed if no response in 3 days
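
The triage in the post above sorts the scan hits by where they sit: the antivirus client's own backup copies, System Restore snapshots, files already moved aside by a removal tool, and the one hit in a live location. It can be scripted as below; this is an added example, not part of the original thread. The category names and path rules are assumptions drawn from the folders named in the post, and the sample lines are excerpted from the scan log posted earlier in the thread.

```python
import re
from collections import defaultdict

# Lines excerpted from the scan log in this thread. Two record shapes occur:
#   <path> Infected: <detection name> skipped
#   <path> Object is locked skipped
SAMPLE_LOG = r"""
C:\Program Files\Trend Micro\OfficeScan Client\Backup\msmsgs.RB0 Infected: Virus.Win32.Trats.d skipped
C:\Program Files\Trend Micro\OfficeScan Client\Backup\TASKMGR.RB1 Infected: Virus.Win32.Trats.d skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{AAFBBE38-C467-4DD5-8BA0-53F68040FE9C}\RP910\A0228413.exe Infected: Trojan-Downloader.Win32.VB.caw skipped
C:\System Volume Information\_restore{AAFBBE38-C467-4DD5-8BA0-53F68040FE9C}\RP927\change.log Object is locked skipped
C:\WINDOWS\Downloaded Program Files\webinst.dll Infected: Trojan-Downloader.Win32.Adload.pi skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\_OTMoveIt\MovedFiles\02182008_165544\windows\mrofinu572.exe.tmp Infected: Trojan-Downloader.Win32.Agent.hql skipped

Scan process completed.
"""

# Paths contain spaces, so the path group is matched lazily up to the verdict.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:Infected: (?P<detection>\S+)|Object is locked) skipped$"
)

# Assumed rules: (category, lowercase path fragment). Windows paths are
# case-insensitive, so paths are lowercased before comparison.
LOCATION_RULES = [
    ("av_backup", "\\officescan client\\backup\\"),
    ("system_restore", "\\system volume information\\_restore"),
    ("tool_quarantine", "\\_otmoveit\\movedfiles\\"),
]


def classify(path):
    """Return the location category for a detected file's path."""
    lowered = path.lower()
    for category, fragment in LOCATION_RULES:
        if fragment in lowered:
            return category
    # Anything else sits where it could still be loaded: review it first.
    return "live_file"


def triage(log_text):
    """Split a scan log into detections per category, locked files, and noise."""
    infected = defaultdict(list)
    locked, unparsed = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if match is None:
            unparsed.append(line)  # banners such as "Scan process completed."
        elif match.group("detection"):
            category = classify(match.group("path"))
            infected[category].append((match.group("path"), match.group("detection")))
        else:
            locked.append(match.group("path"))  # in use, not a detection
    return {"infected": dict(infected), "locked": locked, "unparsed": unparsed}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for category, hits in sorted(result["infected"].items()):
        print(f"{category}: {len(hits)} detection(s)")
        for path, detection in hits:
            print(f"  {detection}  {path}")
    print(f"locked (not detections): {len(result['locked'])}")
```

Only the `live_file` bucket points at something that may still be active on the system; the other three are stored copies, which is why the post treats them as cleanup rather than as a running infection.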


#11 keebee

Posted 21 February 2008 - 07:11 PM

We did as instructed. The ComboFix /u command did not give us an option to select "2" but the folders were gone. We also were unable to locate the webinst.dll file. I therefore ran Kaspersky again and it still identified that file. I'm logged in as Administrator and yet I still don't see that file. What am I missing? It seems like this is the last piece. Thanks!

P.S. Yes, this has been done ...

Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide file extensions for known types option.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Edited by keebee, 21 February 2008 - 07:13 PM.


#12 ken545

    Malware Response Team
Posted 21 February 2008 - 07:49 PM

That file may be gone, it also may be OK, so let's not worry about it. I went through all your logs and reports and it's not present except on the Kaspersky scan. I have looked at 4 other posts in which they ran Kaspersky and that file showed up, and it also pointed to a different definition than what it says in your log. I think at this point I would not worry about it after all the programs we have run and nothing found or flagged it. So you're good to go :thumbsup:


Malware Complaints
Are you mad? I mean really mad, seething mad, so mad you're ready to spit, mad that you have taken your hard-earned dollars to buy a computer only to have some Miscreants, Dirt Bags and Cyber Criminals install a malicious program on your computer without your knowledge or consent. You can post your complaint at the above site. If you live in the U.S.A. you can also report your grievance to your State Attorney General's Office and the Federal Trade Commission's Bureau of Consumer Protection.


Keep in mind if you install some of these programs. Only ONE Anti Virus and only ONE Firewall is recommended, more is overkill and can cause you problems. You can install all the Spyware programs I have listed without any problems. If you install Spyware Blaster, you can still install Spybot Search and Destroy but do not enable the TeaTimer in Spybot.


Here are some free programs to install, all free and highly regarded by the fine people in the Malware Removal Community
  • Spybot Search and Destroy 1.5
    Check for Updates/ Immunize and run a Full System Scan on a regular basis. If you install Spyware Blaster ( Recommended ) then do not enable the TeaTimer in Spybot Search and Destroy.
  • Spyware Blaster It will prevent most spyware from ever being installed. No scan to run, just update about once a week and enable all protection.
  • Spyware Guard It offers realtime protection from spyware installation attempts, again, no scan to run, just install it and let it do its thing.
  • IE-Spyad
    IE-Spyad places over 6000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • Firefox 2.0.0.12 It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will in no way interfere with IE, you can use them both.
Glad we could help

Safe Surfn
Ken



#13 keebee

Posted 22 February 2008 - 01:11 AM

Ken, I sure do appreciate all of your help. The donation page is my next stop. You guys perform an invaluable service. I wish I could say I'll never talk to you guys again but the sad reality is that the miscreants persist and problems are inevitable! Thanks again.

#14 ken545

    Malware Response Team
Posted 22 February 2008 - 08:32 AM

Glad all is well, :blink: Do a Google search for the RBN Russian Business Network, this is where a majority of this garbage comes from and from my understanding is that they may have partially closed down and moved to China where there will be less restrictions on their dirty work. The threats going around nowadays are not funny anymore, the slimeballs that write this garbage are cyber criminals and all they're after is money.

Thanks for your offer of a donation, but at this time Bleeping Computer does not accept donations, just send it to your favorite charity. The best thing you can do is to recommend us to your friends.


Take Care,

Ken :thumbsup:



#15 ken545

    Malware Response Team
Posted 28 February 2008 - 09:11 PM

Since this issue is resolved this thread will now be closed. Thank you for using Bleeping Computer.
