Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected With Virtumonde And Now Cpu Constantly Runs


  • This topic is locked This topic is locked
13 replies to this topic

#1 epqe17

epqe17

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:38 PM

Posted 11 May 2008 - 07:59 AM

All,

I have run FSecure and the computer is now clean, however, the CPU (under Fssm32.exe) is still running 30-40% constantly. Here are the logs (as directed):

Deckard's System Scanner v20071014.68
Run by Dan on 2008-05-11 08:40:06
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
26: 2008-05-11 12:40:45 UTC - RP542 - Deckard's System Scanner Restore Point
25: 2008-05-11 03:26:39 UTC - RP541 - CounterSpy - 5/10/2008 11:26:15 PM
24: 2008-05-10 21:11:42 UTC - RP540 - Spyware Doctor: Cleaning Threats
23: 2008-05-10 15:18:52 UTC - RP539 - System Checkpoint
22: 2008-05-06 21:49:43 UTC - RP538 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-04-17 00:41:48 UTC - RP517 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Dan.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:43:48 AM, on 5/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dan\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Dan.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C55CA6D-2C5D-40DC-9EEA-6C3CEDD7BDD8} - C:\Program Files\ComPlus Applications\hoqezi83122.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {E50D4542-7258-4B96-9F59-7FB35636A975} - C:\Program Files\ComPlus Applications\hoqezi4444.dll (file missing)
O2 - BHO: (no name) - {F8C02889-DA6C-4AA0-85AA-FD5BB45E5858} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Danielle\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1209180302125
O20 - Winlogon Notify: fccddde - fccddde.dll (file missing)
O20 - Winlogon Notify: iifecyv - iifecyv.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: F-Secure BlackLight Sensor - Unknown owner - C:\WINDOWS\TEMP\F-Secure\Anti-Virus\fsblsrv.exe (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13465 bytes


-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Genuine Intel® CPU T2300 @ 1.66GHz
CPU 1: Genuine Intel® CPU T2300 @ 1.66GHz
Percentage of Memory in Use: 63%
Physical Memory (total/avail): 1014.37 MiB / 369.3 MiB
Pagefile Memory (total/avail): 2441.06 MiB / 1261.5 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1910.44 MiB

C: is Fixed (NTFS) - 69.27 GiB total, 39.81 GiB free.
D: is CDROM (No Media)
E: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST98823AS - 73.13 GiB - 3 partitions
\PARTITION0 - Unknown - 39.19 MiB
\PARTITION1 (bootable) - Installable File System - 69.27 GiB - C:
\PARTITION2 - Unknown - 3.81 GiB

\\.\PHYSICALDRIVE1 - HP Officejet 6310 USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
AntivirusOverride is set.

FW: Trend Micro PC-cillin Internet Security (Firewall) v12 (Trend Micro, Inc.)
AV: F-Secure Anti-Virus 2008 8.00 v8.00 (F-Secure Corporation)
AV: Trend Micro PC-cillin Internet Security v12.7.1019 (Trend Micro, Inc.) Disabled Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"="C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Dan\Application Data
CLASSPATH=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=UPSTAIRSCPU
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Dan
LOGONSERVER=\\UPSTAIRSCPU
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e08
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Dan\LOCALS~1\Temp
TMP=C:\DOCUME~1\Dan\LOCALS~1\Temp
USERDOMAIN=UPSTAIRSCPU
USERNAME=Dan
USERPROFILE=C:\Documents and Settings\Dan
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Dan (admin)
Andrea (admin)
Jeremy (admin)
Wyatt (admin)
Danielle (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
--> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
--> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
--> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
--> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"
--> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
--> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
--> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
--> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
--> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"
--> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini"
--> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
--> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"
--> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS"
--> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"
--> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
--> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine"
--> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner"
--> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
--> "C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"
--> C:\PROGRA~1\Yahoo!\Common\unyt.exe
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
--> MsiExec.exe /I{95D9B4D8-B091-4fab-80EA-313EB4B82FD6}
--> MsiExec.exe /I{EB997E90-5EB0-4eb5-90D0-90B1D2F0CA03}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat - Reader 6.0.2 Update --> MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AOLIcon --> MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft PhotoImpression 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{68D5CEF9-0DA8-47FE-B0EB-4CBFB5AAF662}\setup.exe" -l0x9
Barbie™ Beauty Boutique™ CD-ROM --> C:\Program Files\Common Files\Vivendi Universal Games\Uninstall\BeautyUn.exe
Barbie™ Fashion Show™ CD-ROM --> C:\Program Files\Common Files\Vivendi Universal Games\Uninstall\FashionUn.exe
Blackhawk Striker 2 --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\C0A0AA4D-C79B-48CA-8843-2B02B626C9E6\Uninstall.exe"
Bluetooth Stack for Windows by Toshiba --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Broadcom Management Programs --> MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
Cake Mania Deluxe --> "C:\Program Files\eGames\Cake Mania Deluxe\unins000.exe"
Camera Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D1B3874F-3057-11D6-B2EA-0050BA18806B}\Setup.exe"
Conexant HDA D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
Corel Paint Shop Pro X --> MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
Corel Photo Album 6 --> MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Game Console --> "C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe"
Dell Media Experience --> MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
Dell Support Center --> MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}
DellSupport --> MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Content Portal --> MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Documentation & Support Launcher --> MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
EarthLink setup files --> MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}
EducateU --> MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
ELIcon --> MsiExec.exe /I{4667B940-BB01-428B-986E-A0CC46497BF7}
EZ Game Cheats --> "C:\PROGRA~1\Freeze.com\EZ Game Cheats\UNINSTAL.EXE"
F-Secure Anti-Virus 2008 --> "C:\Program Files\F-Secure Internet Security\FSGUI\PostInstall.exe" /tUnInstall
Games, Music, & Photos Launcher --> MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
Get High Speed Internet! --> MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831}
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Participation Program 7.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Document Viewer 7.0 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photosmart, Officejet and Deskjet 7.0.A --> C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Icy Tower v1.3.1 --> "c:\games\icytower1.3\unins000.exe"
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
Internal Network Card Power Management --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
Internet Service Offers Launcher --> MsiExec.exe /X{E42BD75A-FC23-4E3F-9F91-2658334C644F}
iTunes --> MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Learn2 Player (Uninstall Only) --> C:\Program Files\Learn2.com\StRunner\stuninst.exe
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft Office Outlook 2003 with Business Contact Manager Update --> MsiExec.exe /I{BA68600E-96D9-4E92-80F2-26B9681B5A63}
Microsoft Office Small Business Edition 2003 --> MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Miuchiz - Planet Mion --> C:\PROGRA~1\Miuchiz\UNWISE.EXE C:\PROGRA~1\Miuchiz\INSTALL.LOG
Miuchiz TM Update --> MsiExec.exe /I{48E961F7-28BB-4C40-B4F9-375DF7249862}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI --> MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
My Fantasy Wedding --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3AC8DD1-A754-46D6-A777-6155D627D196}\setup.exe" -l0x9
MySpaceIM --> C:\Program Files\MySpace\IM\Uninstall.exe
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
NetZeroInstallers --> MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
OCR Software by I.R.I.S 7.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
OLYMPUS Master 2 --> MsiExec.exe /X{CB49B376-1136-44B4-83FA-036334B59937}
OLYMPUS muvee theaterPack --> MsiExec.exe /X{DDDE47E5-C711-4D17-9FA6-E3D7C340192A}
Photo Click --> MsiExec.exe /I{6E179C77-7335-458D-9537-4F4EAC0181ED}
Polar Bowler --> "C:\Program Files\WildTangent\Apps\GameChannel\Games\26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3\Uninstall.exe"
PowerDVD 5.7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Qualxserve Service Agreement --> MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
QuickSet --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
RollerCoaster Tycoon 2 Triple Thrill Pack --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C5D15D2-5351-4F05-A96E-56C20554F977}\Setup.exe" -l0x9
Sandlot Games Client Services --> "C:\Program Files\Common Files\Sandlot Shared\unins000.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spyware Doctor 5.1 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
The Sims Complete Collection --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F2527115-B8BF-4FDB-B5DA-5AADFB7C13E1}\setup.exe" -l0x9 -l0009
Time to Play Pet Shop --> C:\Program Files\The Learning Company\Time to Play Pet Shop\uninstal.exe
Tradewinds 2 --> "C:\Program Files\Dell Games\Tradewinds 2\Uninstall.exe"
Trend Micro PC-cillin Internet Security 12 --> MsiExec.exe /X{7698EDA5-A90F-4205-99CB-8FF6F9048ED9}
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
West Point Bridge Designer 2007 --> C:\WINDOWS\iun6002.exe "C:\Program Files\West Point Bridge Designer 2007\irunin.ini"
WildTangent Web Driver --> C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
XoftSpySE --> C:\Program Files\XoftSpySE\uninstall.exe
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
Zoo Tycoon 2 --> "C:\Program Files\Microsoft Games\Zoo Tycoon 2\UNINSTAL.EXE" /runtemp /uninstall


-- Application Event Log -------------------------------------------------------

Event Record #/Type18488 / Error
Event Submitted/Written: 05/11/2008 08:42:44 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type18487 / Error
Event Submitted/Written: 05/11/2008 06:46:10 AM
Event ID/Source: 103 / Message from F-Secure Anti-Virus on
Event Description:
131 2008-05-11 06:46:10-04:00 upstairscpu UPSTAIRSCPU\Dan Message from F-Secure Anti-Virus on
Spyware detected:
Type: adware
Family:
Name: AdWare.Win32.Virtumonde
Object: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP531\A0153990.dll

Event Record #/Type18486 / Error
Event Submitted/Written: 05/11/2008 04:28:43 AM
Event ID/Source: 103 / Message from F-Secure Anti-Virus on
Event Description:
130 2008-05-11 04:28:42-04:00 upstairscpu UPSTAIRSCPU\Dan Message from F-Secure Anti-Virus on
Spyware detected:
Type: adware
Family:
Name: AdWare.Win32.Virtumonde
Object: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP531\A0153990.dll

Event Record #/Type18485 / Error
Event Submitted/Written: 05/11/2008 02:54:32 AM
Event ID/Source: 103 / Message from F-Secure Anti-Virus on
Event Description:
129 2008-05-11 02:54:32-04:00 upstairscpu UPSTAIRSCPU\Dan Message from F-Secure Anti-Virus on
Spyware detected:
Type: adware
Family:
Name: AdWare.Win32.Virtumonde
Object: C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP531\A0153990.dll

Event Record #/Type18484 / Error
Event Submitted/Written: 05/11/2008 02:48:57 AM
Event ID/Source: 103 / Message from F-Secure Anti-Virus on
Event Description:
128 2008-05-11 02:48:57-04:00 upstairscpu UPSTAIRSCPU\Dan Message from F-Secure Anti-Virus on
Manual scanning was finished - workstation was found infected!



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type37960 / Error
Event Submitted/Written: 05/11/2008 00:03:14 AM
Event ID/Source: 10016 / DCOM
Event Description:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BA126AD1-2166-11D1-B1D0-00805FC1270E}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

Event Record #/Type37959 / Error
Event Submitted/Written: 05/10/2008 11:56:37 PM
Event ID/Source: 10016 / DCOM
Event Description:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BA126AD1-2166-11D1-B1D0-00805FC1270E}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

Event Record #/Type37958 / Warning
Event Submitted/Written: 05/10/2008 11:54:28 PM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type37957 / Error
Event Submitted/Written: 05/10/2008 05:26:00 PM
Event ID/Source: 1 / F-Secure Gatekeeper
Event Description:
\Device\HarddiskVolume2...~uga6psetup.exe

Event Record #/Type37955 / Error
Event Submitted/Written: 05/10/2008 10:24:03 AM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The IMAPI CD-Burning COM Service service failed to start due to the following error:
%%1053



-- End of Deckard's System Scanner: finished at 2008-05-11 08:45:20 ------------

Let me know if I have virue remnents left over from the scan and what is the root casue of the problem. Many thanks.

BC AdBot (Login to Remove)

 


m

#2 steamwiz

steamwiz

  • Members
  • 1,039 posts
  • OFFLINE
  •  
  • Local time:08:38 PM

Posted 12 May 2008 - 02:36 PM

Hi

Fssm32.exe is part of F-Secure Internet Security Anti-Virus

C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe

As with many other anti-virus programs, they are resource intensive ... I use AVG FREE Anti-Virus & I don't even notice, it uses so little ...

Your DSS log (the first one) should show more than just a hijackthis log ... which is clean, apart from some orphan registry keys ...

Please run DSS again & post the new log (or post the full original if you have it)...

If we don't get more information from it, then I'll get you to run a different program.

-

You are running an out-of-date version of java

Go to add/remove programs and uninstall any earlier versions ... in your case :-

Java 2 Runtime Environment, SE v1.4.2_03

Then You can go here and install the latest version of Java.

http://java.sun.com/javase/downloads/index.jsp

Scroll down the page to 'Java Runtime Environment (JRE) 6 Update 6' and press the 'Download' button.


Running an out-of-date version of java is an infection risk.

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware Posted Image

#3 epqe17

epqe17
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:38 PM

Posted 16 May 2008 - 10:33 PM

Steamwiz,

I ran it again and this is the reult:

Deckard's System Scanner v20071014.68
Run by Dan on 2008-05-16 23:24:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 82% (more than 75%).


-- HijackThis (run as Dan.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:58 PM, on 5/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Dan\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Dan.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1C55CA6D-2C5D-40DC-9EEA-6C3CEDD7BDD8} - C:\Program Files\ComPlus Applications\hoqezi83122.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {E50D4542-7258-4B96-9F59-7FB35636A975} - C:\Program Files\ComPlus Applications\hoqezi4444.dll (file missing)
O2 - BHO: (no name) - {F8C02889-DA6C-4AA0-85AA-FD5BB45E5858} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\IMVUClient.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Danielle\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1209180302125
O20 - Winlogon Notify: fccddde - fccddde.dll (file missing)
O20 - Winlogon Notify: iifecyv - iifecyv.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: F-Secure BlackLight Sensor - Unknown owner - C:\WINDOWS\TEMP\F-Secure\Anti-Virus\fsblsrv.exe (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13797 bytes

-- Files created between 2008-04-16 and 2008-05-16 -----------------------------

2008-05-16 18:26:02 0 d-------- C:\WINDOWS\LastGood
2008-05-11 22:17:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-04-28 03:33:04 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-27 16:27:32 0 d-------- C:\VundoFix Backups
2008-04-26 00:58:43 0 d-------- C:\Documents and Settings\Dan\Application Data\F-Secure
2008-04-26 00:39:18 0 d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-04-26 00:37:11 0 d-------- C:\Program Files\F-Secure Internet Security
2008-04-26 00:35:23 0 d-------- C:\Documents and Settings\All Users\Application Data\fssg
2008-04-25 23:39:36 0 d-------- C:\Documents and Settings\Dan\Application Data\Mozilla
2008-04-23 03:48:02 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-04-23 03:48:02 0 --a------ C:\WINDOWS\system32\SBFC.dat


-- Find3M Report ---------------------------------------------------------------

2008-05-16 19:01:25 0 d-------- C:\Program Files\Spyware Doctor
2008-05-11 22:53:34 0 d-------- C:\Documents and Settings\Dan\Application Data\Apple Computer
2008-05-11 10:32:08 0 d-------- C:\Program Files\XoftSpySE
2008-04-26 00:08:31 0 d-------- C:\Program Files\Trend Micro
2008-04-21 03:12:17 404016 --ahs---- C:\WINDOWS\system32\bccdd.ini2
2008-04-20 20:47:45 0 d-------- C:\Program Files\nvcoi
2008-03-25 04:46:48 0 --ahs---- C:\WINDOWS\system32\ttvwa.ini2
2008-03-24 20:22:02 289820 --ahs---- C:\WINDOWS\system32\kjllm.ini2
2008-03-24 19:21:05 295841 --ahs---- C:\WINDOWS\system32\edeeg.ini2
2008-03-24 04:22:52 0 d-------- C:\Program Files\Common Files
2008-03-23 09:40:52 0 d-------- C:\Program Files\NoDNS
2008-03-23 09:25:00 0 --ahs---- C:\WINDOWS\system32\llkkj.ini2


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C55CA6D-2C5D-40DC-9EEA-6C3CEDD7BDD8}]
C:\Program Files\ComPlus Applications\hoqezi83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E50D4542-7258-4B96-9F59-7FB35636A975}]
C:\Program Files\ComPlus Applications\hoqezi4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8C02889-DA6C-4AA0-85AA-FD5BB45E5858}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [11/19/2005 04:41 AM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [11/19/2005 04:38 AM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [11/19/2005 04:42 AM]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [11/29/2005 05:56 AM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [12/28/2005 12:55 PM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [12/28/2005 12:56 PM]
"SigmatelSysTrayApp"="stsystra.exe" [11/16/2005 10:35 PM C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [12/15/2005 11:44 AM]
"ShowLOMControl"="1 (0x1)" []
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [12/09/2005 09:29 PM]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [12/06/2004 02:05 AM]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [06/10/2005 11:44 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [06/10/2005 11:44 AM]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [01/27/2005 02:02 AM]
"@"="" []
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [08/30/2005 05:42 PM]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [09/08/2005 08:20 PM]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [08/27/2007 12:09 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 03:41 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/10/2008 04:27 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [01/15/2008 04:22 AM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 10:24 AM]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [11/11/2007 10:32 PM]
"F-Secure Manager"="C:\Program Files\F-Secure Internet Security\Common\FSM32.exe" [05/25/2007 09:12 AM]
"F-Secure TNB"="C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" [05/25/2007 09:11 AM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [09/10/2003 03:24 AM]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [03/15/2007 11:09 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccddde]
fccddde.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifecyv]
iifecyv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddccb.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBCSSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"




-- End of Deckard's System Scanner: finished at 2008-05-16 23:27:07 ------------


What is interesting is that the cpu goes to idle AFTER the DSS is run.

#4 steamwiz

steamwiz

  • Members
  • 1,039 posts
  • OFFLINE
  •  
  • Local time:08:38 PM

Posted 17 May 2008 - 06:19 PM

HI

You haven't updated your java ...

The DSS log's better ...

Please run these programs now :-

Hi

Please run a Kaspersky Online Scan

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

Click Accept

You will be promted to install an ActiveX component from Kaspersky,
Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Once finished, save the log to your Desktop as filename KAV.txt
THEN ...

Please Download Malwarebytes' Anti-Malware from Here :-

http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html

or here :-

http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.

THEN ...

Please follow these directions to run Combofix & post a log.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware Posted Image

#5 epqe17

epqe17
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:38 PM

Posted 18 May 2008 - 06:46 PM

OK.

Here are the logs in sequence:

KAV:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, May 18, 2008 5:52:14 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 18/05/2008
Kaspersky Anti-Virus database records: 783219
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 136193
Number of viruses found: 32
Number of infected objects: 118
Number of suspicious objects: 0
Duration of the scan process: 02:16:24

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\20080516232405\backup\DOCUME~1\Dan\LOCALS~1\Temp\NI.UGA6P_0001_N111M1707\setup.exe Object is locked skipped
C:\Documents and Settings\All Users\Application Data\F-Secure\logs\FSMA\fsma.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0f0e95f8a77cb7c76796871b4a2ca5f8_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5d9e686c802c929fdb4dbd7fc92b69c2_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d6efbc1341d686215828b8a529002890_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d953eda3e26304d35e06e3f99844845b_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\Andrea\Local Settings\Temp\NI.UGA6P_0001_N111M1707\setup.exe Object is locked skipped
C:\Documents and Settings\Andrea\Local Settings\Temp\~uga6psetup.exe/file04 Infected: not-a-virus:RiskTool.Win32.PsKill.an skipped
C:\Documents and Settings\Andrea\Local Settings\Temp\~uga6psetup.exe/file14 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\Documents and Settings\Andrea\Local Settings\Temp\~uga6psetup.exe/file20 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\Documents and Settings\Andrea\Local Settings\Temp\~uga6psetup.exe/file23 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\Documents and Settings\Andrea\Local Settings\Temp\~uga6psetup.exe/file24 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\Documents and Settings\Andrea\Local Settings\Temp\~uga6psetup.exe/file26 Infected: not-a-virus:FraudTool.Win32.BestSeller.c skipped
C:\Documents and Settings\Andrea\Local Settings\Temp\~uga6psetup.exe/file34 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\Documents and Settings\Andrea\Local Settings\Temp\~uga6psetup.exe/file35 Infected: not-a-virus:FraudTool.Win32.BestSeller.k skipped
C:\Documents and Settings\Andrea\Local Settings\Temp\~uga6psetup.exe/file36 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\Documents and Settings\Andrea\Local Settings\Temp\~uga6psetup.exe/file71 Infected: not-a-virus:Downloader.Win32.WinFixer.bm skipped
C:\Documents and Settings\Andrea\Local Settings\Temp\~uga6psetup.exe Inno: infected - 10 skipped
C:\Documents and Settings\Dan\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\Dan\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
C:\Documents and Settings\Dan\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped
C:\Documents and Settings\Dan\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Documents and Settings\Dan\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\ApplicationHistory\sprtcmd.exe.63e7480d.ini.inuse Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\BVRP Software\NetWaiting\MoHlog.txt Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.albumTable.cdx Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.albumTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.imageTable.cdx Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.imageTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.imageTable.fpt Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.keywordTable.cdx Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.keywordTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.propertiesTable.cdx Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.propertiesTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.ROFTable.cdx Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.ROFTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\SupportSoft\DellSupportCenter\Dan\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\History\History.IE5\MSHist012008051820080519\index.dat Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Temp\~DF2FF9.tmp Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Temp\~DF70A6.tmp Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dan\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Dan\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Danielle\Local Settings\Temp\is-0ULS5.tmp\ProcKill.exe Object is locked skipped
C:\Documents and Settings\Danielle\Local Settings\Temp\NI.UGA6P_0001_N111M1707\setup.exe Object is locked skipped
C:\Documents and Settings\Danielle\Local Settings\Temp\~uga6psetup.exe/file04 Infected: not-a-virus:RiskTool.Win32.PsKill.an skipped
C:\Documents and Settings\Danielle\Local Settings\Temp\~uga6psetup.exe/file14 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\Documents and Settings\Danielle\Local Settings\Temp\~uga6psetup.exe/file20 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\Documents and Settings\Danielle\Local Settings\Temp\~uga6psetup.exe/file23 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\Documents and Settings\Danielle\Local Settings\Temp\~uga6psetup.exe/file24 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\Documents and Settings\Danielle\Local Settings\Temp\~uga6psetup.exe/file26 Infected: not-a-virus:FraudTool.Win32.BestSeller.c skipped
C:\Documents and Settings\Danielle\Local Settings\Temp\~uga6psetup.exe/file34 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\Documents and Settings\Danielle\Local Settings\Temp\~uga6psetup.exe/file35 Infected: not-a-virus:FraudTool.Win32.BestSeller.k skipped
C:\Documents and Settings\Danielle\Local Settings\Temp\~uga6psetup.exe/file36 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\Documents and Settings\Danielle\Local Settings\Temp\~uga6psetup.exe/file71 Infected: not-a-virus:Downloader.Win32.WinFixer.bm skipped
C:\Documents and Settings\Danielle\Local Settings\Temp\~uga6psetup.exe Inno: infected - 10 skipped
C:\Documents and Settings\Danielle\Local Settings\Temporary Internet Files\Content.IE5\Q6UWAMTA\ptch[1].0 Infected: Trojan.Win32.Monder.bc skipped
C:\Documents and Settings\Jeremy\Local Settings\Temp\is-RJD1L.tmp\ProcKill.exe Object is locked skipped
C:\Documents and Settings\Jeremy\Local Settings\Temp\NI.UGA6P_0001_N111M1707\setup.exe Object is locked skipped
C:\Documents and Settings\Jeremy\Local Settings\Temp\~uga6psetup.exe/file04 Infected: not-a-virus:RiskTool.Win32.PsKill.an skipped
C:\Documents and Settings\Jeremy\Local Settings\Temp\~uga6psetup.exe/file14 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\Documents and Settings\Jeremy\Local Settings\Temp\~uga6psetup.exe/file20 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\Documents and Settings\Jeremy\Local Settings\Temp\~uga6psetup.exe/file23 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\Documents and Settings\Jeremy\Local Settings\Temp\~uga6psetup.exe/file24 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\Documents and Settings\Jeremy\Local Settings\Temp\~uga6psetup.exe/file26 Infected: not-a-virus:FraudTool.Win32.BestSeller.c skipped
C:\Documents and Settings\Jeremy\Local Settings\Temp\~uga6psetup.exe/file34 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\Documents and Settings\Jeremy\Local Settings\Temp\~uga6psetup.exe/file35 Infected: not-a-virus:FraudTool.Win32.BestSeller.k skipped
C:\Documents and Settings\Jeremy\Local Settings\Temp\~uga6psetup.exe/file36 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\Documents and Settings\Jeremy\Local Settings\Temp\~uga6psetup.exe/file71 Infected: not-a-virus:Downloader.Win32.WinFixer.bm skipped
C:\Documents and Settings\Jeremy\Local Settings\Temp\~uga6psetup.exe Inno: infected - 10 skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Wyatt\Local Settings\Temp\NI.UGA6P_0001_N111M1707\setup.exe Object is locked skipped
C:\Documents and Settings\Wyatt\Local Settings\Temp\~uga6psetup.exe/file04 Infected: not-a-virus:RiskTool.Win32.PsKill.an skipped
C:\Documents and Settings\Wyatt\Local Settings\Temp\~uga6psetup.exe/file14 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\Documents and Settings\Wyatt\Local Settings\Temp\~uga6psetup.exe/file20 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\Documents and Settings\Wyatt\Local Settings\Temp\~uga6psetup.exe/file23 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\Documents and Settings\Wyatt\Local Settings\Temp\~uga6psetup.exe/file24 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\Documents and Settings\Wyatt\Local Settings\Temp\~uga6psetup.exe/file26 Infected: not-a-virus:FraudTool.Win32.BestSeller.c skipped
C:\Documents and Settings\Wyatt\Local Settings\Temp\~uga6psetup.exe/file34 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\Documents and Settings\Wyatt\Local Settings\Temp\~uga6psetup.exe/file35 Infected: not-a-virus:FraudTool.Win32.BestSeller.k skipped
C:\Documents and Settings\Wyatt\Local Settings\Temp\~uga6psetup.exe/file36 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\Documents and Settings\Wyatt\Local Settings\Temp\~uga6psetup.exe/file71 Infected: not-a-virus:Downloader.Win32.WinFixer.bm skipped
C:\Documents and Settings\Wyatt\Local Settings\Temp\~uga6psetup.exe Inno: infected - 10 skipped
C:\Documents and Settings\Wyatt\Local Settings\Temporary Internet Files\Content.IE5\B9I2IBN3\css4[1].0 Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\Wyatt\Local Settings\Temporary Internet Files\Content.IE5\B9I2IBN3\css4[2].0 Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\Wyatt\Local Settings\Temporary Internet Files\Content.IE5\B9I2IBN3\hctp[2].0 Infected: Trojan.Win32.Monder.o skipped
C:\Documents and Settings\Wyatt\Local Settings\Temporary Internet Files\Content.IE5\B9I2IBN3\install_en[1].exe Object is locked skipped
C:\Documents and Settings\Wyatt\Local Settings\Temporary Internet Files\Content.IE5\UIE7IFND\css4[1].0 Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\Wyatt\Local Settings\Temporary Internet Files\Content.IE5\YK2IB2XY\837b3ea01558996dea8c3b76e04cf7f2[1].zip/b149.exe Infected: not-a-virus:Downloader.Win32.Agent.ak skipped
C:\Documents and Settings\Wyatt\Local Settings\Temporary Internet Files\Content.IE5\YK2IB2XY\837b3ea01558996dea8c3b76e04cf7f2[1].zip ZIP: infected - 1 skipped
C:\Documents and Settings\Wyatt\Local Settings\Temporary Internet Files\Content.IE5\YK2IB2XY\css4[1].0 Infected: Trojan.Win32.Monder.gen skipped
C:\Program Files\F-Secure Internet Security\Anti-Virus\dbupdate.log Object is locked skipped
C:\Program Files\F-Secure Internet Security\Anti-Virus\deleteme_msg.log Object is locked skipped
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe.Qrt.log Object is locked skipped
C:\Program Files\F-Secure Internet Security\Anti-Virus\perf.dat Object is locked skipped
C:\Program Files\F-Secure Internet Security\Anti-Virus\power.dat Object is locked skipped
C:\Program Files\F-Secure Internet Security\Common\policy.bpf Object is locked skipped
C:\Program Files\F-Secure Internet Security\Common\policy.ipf Object is locked skipped
C:\Program Files\F-Secure Internet Security\FSAUA\fsbwupst.log Object is locked skipped
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.dbg Object is locked skipped
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.log Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1F.tmp Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\20.tmp Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3F.tmp Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\40.tmp Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\66E.tmp Infected: not-a-virus:Downloader.Win32.WinFixer.dz skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\66F.tmp Infected: not-a-virus:Downloader.Win32.WinFixer.dz skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\670.tmp/data0003 Infected: Trojan.Win32.Scapur.k skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\670.tmp NSIS: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\670.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\671.tmp/data0006 Infected: Trojan-Downloader.Win32.VB.caw skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\671.tmp NSIS: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\671.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\672.tmp/UGA6P_0001_N122M2802NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\672.tmp CAB: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\672.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\674.tmp Infected: Trojan.Win32.Monder.gen skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B.tmp Infected: Trojan.Win32.BHO.ab skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\C.tmp/data0004 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\C.tmp/data0005 Infected: Trojan-Clicker.HTML.IFrame.dn skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\C.tmp NSIS: infected - 2 skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\C.tmp CryptFF.b: infected - 2 skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\D.tmp Infected: Trojan.Win32.Agent.bck skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\euungjyh_688.VIR Infected: not-a-virus:AdWare.Win32.SecToolBar.f skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\euungjyh_964.VIR Infected: not-a-virus:AdWare.Win32.SecToolBar.f skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\euungjyh_970.VIR Infected: not-a-virus:AdWare.Win32.SecToolBar.f skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP517\A0139352.0ll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP517\A0139353.0ll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP517\A0139354.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP517\A0140352.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP518\A0142352.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP521\A0143443.0ll Infected: Trojan.Win32.Monder.cq skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP521\A0143448.0ll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP521\A0143449.0ll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP525\A0150526.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP525\A0150535.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP531\A0153991.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP531\A0153992.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP531\A0153993.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP531\A0153994.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP531\A0153995.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP531\A0153996.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP531\A0154015.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP531\A0155039.0ll Infected: Trojan.Win32.KillAV.rf skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP531\A0155040.0ll Infected: Trojan.Win32.KillAV.rf skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156065.DLL Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156066.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156070.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156071.0ll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156072.0ll Infected: Trojan.Win32.Monder.bl skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156073.0ll Infected: Trojan.Win32.Monder.ba skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156074.0ll Infected: Trojan.Win32.Monder.y skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156075.0ll Infected: Trojan.Win32.Monder.t skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156076.0ll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156077.0ll Infected: Trojan.Win32.Monder.az skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156078.0ll Infected: Trojan.Win32.Monder.bb skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156079.0ll Infected: Trojan.Win32.Monder.bl skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156080.0ll Infected: Trojan.Win32.Monder.ba skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156081.0ll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156082.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156083.0ll Infected: Trojan.Win32.Monder.bp skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156084.0ll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156085.0ll Infected: Trojan.Win32.Monder.az skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156086.0ll Infected: Trojan.Win32.Monder.az skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156087.0ll Infected: Trojan.Win32.Monder.ay skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156088.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156089.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156090.0ll Infected: Trojan.Win32.Monder.s skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156091.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156092.0ll Infected: Trojan.Win32.Monder.bc skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156093.exe Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP539\A0165172.0ll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP539\A0165173.0ll Infected: Trojan.Win32.Monder.az skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP539\A0165174.0ll Infected: Trojan.Win32.Monder.v skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP539\A0165175.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP540\A0165186.exe/file04 Infected: not-a-virus:RiskTool.Win32.PsKill.an skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP540\A0165186.exe/file14 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP540\A0165186.exe/file20 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP540\A0165186.exe/file23 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP540\A0165186.exe/file24 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP540\A0165186.exe/file26 Infected: not-a-virus:FraudTool.Win32.BestSeller.c skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP540\A0165186.exe/file34 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP540\A0165186.exe/file35 Infected: not-a-virus:FraudTool.Win32.BestSeller.k skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP540\A0165186.exe/file36 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP540\A0165186.exe/file71 Infected: not-a-virus:Downloader.Win32.WinFixer.bm skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP540\A0165186.exe Inno: infected - 10 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP550\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\hkfhywse.0ll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\mmsobype.0ll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_7e0.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


Then MBAM:

Malwarebytes' Anti-Malware 1.12
Database version: 762

Scan type: Quick Scan
Objects scanned: 71843
Time elapsed: 23 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 12
Files Infected: 23

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{178d4e6a-ba5a-4ecb-8521-f7b8393fdb97} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{91223de9-f8e6-4ffd-8889-be6784c18696} (Trojan.Conhook) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\que1 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comms2 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\a8 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ipd2 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iDlo01 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\NoDNS (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\nvcoi (Trojan.Stars) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wyatt\Start Menu\Programs\Outerinfo (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wyatt\Local Settings\Temp\NI.UGA6P_0001_N111M1707 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jeremy\Local Settings\Temp\NI.UGA6P_0001_N111M1707 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Danielle\Local Settings\Temp\NI.UGA6P_0001_N111M1707 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Local Settings\Temp\NI.UGA6P_0001_N111M1707 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\hkfhywse.0ll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mmsobype.0ll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\Documents and Settings\Danielle\Local Settings\Temporary Internet Files\Content.IE5\Q6UWAMTA\ptch[1].0 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wyatt\Local Settings\Temp\is-BSQ5B.tmp\gfl.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jeremy\Local Settings\Temp\is-JS0IB.tmp\gfl.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jeremy\Local Settings\Temp\is-RJD1L.tmp\gfl.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Danielle\Local Settings\Temp\is-0ULS5.tmp\gfl.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Danielle\Local Settings\Temp\is-UDF86.tmp\gfl.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\NoDNS\UnInstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\nvcoi\mst.stt (Trojan.Stars) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wyatt\Start Menu\Programs\Outerinfo\Uninstall.lnk (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wyatt\Local Settings\Temp\NI.UGA6P_0001_N111M1707\settings.ini (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wyatt\Local Settings\Temp\NI.UGA6P_0001_N111M1707\setup.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Wyatt\Local Settings\Temp\NI.UGA6P_0001_N111M1707\setup.len (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jeremy\Local Settings\Temp\NI.UGA6P_0001_N111M1707\settings.ini (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jeremy\Local Settings\Temp\NI.UGA6P_0001_N111M1707\setup.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jeremy\Local Settings\Temp\NI.UGA6P_0001_N111M1707\setup.len (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Danielle\Local Settings\Temp\NI.UGA6P_0001_N111M1707\settings.ini (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Danielle\Local Settings\Temp\NI.UGA6P_0001_N111M1707\setup.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Danielle\Local Settings\Temp\NI.UGA6P_0001_N111M1707\setup.len (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Local Settings\Temp\NI.UGA6P_0001_N111M1707\settings.ini (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Local Settings\Temp\NI.UGA6P_0001_N111M1707\setup.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Andrea\Local Settings\Temp\NI.UGA6P_0001_N111M1707\setup.len (Rogue.Multiple) -> Quarantined and deleted successfully.


Finally ComboFix:


ComboFix 08-05-15.3 - Dan 2008-05-18 19:13:03.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.478 [GMT -4:00]
Running from: C:\Documents and Settings\Dan\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Andrea\Application Data\BestsellerAntivirus
C:\Documents and Settings\Andrea\Application Data\BestsellerAntivirus\avtasks.dat
C:\Documents and Settings\Andrea\Application Data\BestsellerAntivirus\Logs\av.log
C:\Documents and Settings\Andrea\Application Data\BestsellerAntivirus\Logs\ga6Support.log
C:\Documents and Settings\Andrea\Application Data\FunWebProducts
C:\Documents and Settings\Andrea\Application Data\FunWebProducts\Data\Andrea\avatar.dat
C:\Documents and Settings\Danielle\Application Data\BestsellerAntivirus
C:\Documents and Settings\Danielle\Application Data\BestsellerAntivirus\avtasks.dat
C:\Documents and Settings\Danielle\Application Data\BestsellerAntivirus\Logs\av.log
C:\Documents and Settings\Danielle\Application Data\BestsellerAntivirus\Logs\ga6Support.log
C:\Documents and Settings\Danielle\Application Data\FunWebProducts
C:\Documents and Settings\Danielle\Application Data\FunWebProducts\Data\Danielle\avatar.dat
C:\Documents and Settings\Danielle\Application Data\FunWebProducts\Data\Danielle\register.dat
C:\Documents and Settings\Danielle\Application Data\FunWebProducts\Data\Danielle\zbucks.dat
C:\Documents and Settings\Jeremy\Application Data\FunWebProducts
C:\Documents and Settings\Jeremy\Application Data\FunWebProducts\Data\Jeremy\avatar.dat
C:\Documents and Settings\Jeremy\Application Data\FunWebProducts\Data\Jeremy\zbucks.dat
C:\Documents and Settings\Wyatt\Application Data\BestsellerAntivirus
C:\Documents and Settings\Wyatt\Application Data\BestsellerAntivirus\avtasks.dat
C:\Documents and Settings\Wyatt\Application Data\BestsellerAntivirus\Logs\av.log
C:\Documents and Settings\Wyatt\Application Data\BestsellerAntivirus\Logs\ga6Support.log
C:\Documents and Settings\Wyatt\Application Data\BestsellerAntivirus\Logs\update.log
C:\Documents and Settings\Wyatt\Application Data\FunWebProducts
C:\Documents and Settings\Wyatt\Application Data\FunWebProducts\Data\Wyatt\avatar.dat
C:\Documents and Settings\Wyatt\Application Data\FunWebProducts\Data\Wyatt\zbucks.dat
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\sanR24
C:\Temp\sanR24\lDii.log
C:\Temp\xOe
C:\Temp\xOe\tOasF.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\mantec~1
C:\WINDOWS\mantec~1\??mantec\
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bccdd.ini
C:\WINDOWS\system32\bccdd.ini2
C:\WINDOWS\system32\edeeg.ini
C:\WINDOWS\system32\edeeg.ini2
C:\WINDOWS\system32\igtmwklw.ini
C:\WINDOWS\system32\kjllm.ini
C:\WINDOWS\system32\kjllm.ini2
C:\WINDOWS\system32\klehqwwa.ini
C:\WINDOWS\system32\krufgytx.ini
C:\WINDOWS\system32\llkkj.ini2
C:\WINDOWS\system32\mcroso~1.net
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\mvwqsffa.ini
C:\WINDOWS\system32\npumufxy.ini
C:\WINDOWS\system32\pedohean.ini
C:\WINDOWS\system32\pgyjeaqp.ini
C:\WINDOWS\system32\ploageap.ini
C:\WINDOWS\system32\rgrwnwgc.ini
C:\WINDOWS\system32\rmxvufsc.ini
C:\WINDOWS\system32\tepenjjt.ini
C:\WINDOWS\system32\ttvwa.ini
C:\WINDOWS\system32\ttvwa.ini2
C:\WINDOWS\system32\uhninkog.ini
C:\WINDOWS\system32\vikifuub.ini
C:\WINDOWS\system32\vMW02a
C:\WINDOWS\system32\vpxxgsxk.ini
C:\WINDOWS\system32\whquupid.ini
C:\WINDOWS\system32\wiwffnjm.ini
C:\WINDOWS\system32\xeodenjm.ini
C:\WINDOWS\system32\xotxeywk.ini
C:\WINDOWS\system32\xowjevkb.ini
C:\WINDOWS\system32\yaxcsqir.ini

.
((((((((((((((((((((((((( Files Created from 2008-04-18 to 2008-05-18 )))))))))))))))))))))))))))))))
.

2008-05-18 17:57 . 2008-05-18 17:57 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-18 17:57 . 2008-05-18 17:57 <DIR> d-------- C:\Documents and Settings\Dan\Application Data\Malwarebytes
2008-05-18 17:57 . 2008-05-18 17:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-18 17:57 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-18 17:57 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-17 21:12 . 2008-05-17 21:12 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-17 21:12 . 2008-05-17 21:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-16 23:41 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-05-16 23:40 . 2008-05-16 23:40 <DIR> d-------- C:\Program Files\Common Files\Java
2008-05-11 08:39 . 2008-05-11 08:39 <DIR> d-------- C:\Deckard
2008-04-28 03:33 . 2008-04-28 03:33 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-27 16:27 . 2008-04-27 17:04 <DIR> d-------- C:\VundoFix Backups
2008-04-26 18:44 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-26 18:44 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-26 00:58 . 2008-05-11 00:40 <DIR> d-------- C:\Documents and Settings\Dan\Application Data\F-Secure
2008-04-26 00:40 . 2007-05-25 09:09 58,128 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
2008-04-26 00:40 . 2007-05-25 09:09 37,008 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
2008-04-26 00:39 . 2008-04-26 00:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-04-26 00:37 . 2008-04-26 11:43 <DIR> d-------- C:\Program Files\F-Secure Internet Security
2008-04-26 00:35 . 2008-04-26 00:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\fssg
2008-04-23 03:48 . 2008-04-23 03:48 0 --a------ C:\WINDOWS\system32\SBRC.dat
2008-04-23 03:48 . 2008-04-23 03:48 0 --a------ C:\WINDOWS\system32\SBFC.dat
2008-04-20 19:31 . 2008-05-18 19:24 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-20 19:31 . 2008-04-20 19:31 1,409 --a------ C:\WINDOWS\QTFont.for

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-18 17:43 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-18 13:32 90,112 ----a-w C:\WINDOWS\DUMP98a6.tmp
2008-05-18 01:02 --------- d-----w C:\Program Files\Common Files\Nullsoft
2008-05-18 01:01 --------- d-----w C:\Program Files\MySpace
2008-05-17 03:41 --------- d-----w C:\Program Files\Java
2008-05-16 23:01 --------- d-----w C:\Program Files\Spyware Doctor
2008-05-12 02:53 --------- d-----w C:\Documents and Settings\Dan\Application Data\Apple Computer
2008-05-11 14:32 --------- d-----w C:\Program Files\XoftSpySE
2008-04-26 04:08 --------- d-----w C:\Program Files\Trend Micro
2008-04-22 00:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-22 00:37 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-18 00:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-03-01 22:36 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2006-11-07 16:01 563,712 ----a-w C:\Documents and Settings\Jeremy\gotomypc_370.exe
2006-07-11 23:06 563,712 ----a-w C:\Documents and Settings\Danielle\370_gotomypc.exe
2008-01-19 18:53 56 --sh--r C:\WINDOWS\system32\9774C10CEE.sys
2008-01-19 19:15 88 --sh--r C:\WINDOWS\system32\EE0CC17497.sys
2008-01-19 19:15 7,308 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C55CA6D-2C5D-40DC-9EEA-6C3CEDD7BDD8}]
C:\Program Files\ComPlus Applications\hoqezi83122.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E50D4542-7258-4B96-9F59-7FB35636A975}]
C:\Program Files\ComPlus Applications\hoqezi4444.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8C02889-DA6C-4AA0-85AA-FD5BB45E5858}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 03:24 20480]
"OE_OEM"="C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-19 04:41 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-19 04:38 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-19 04:42 118784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 05:56 761947]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 12:55 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 12:56 602182]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 22:35 397312 C:\WINDOWS\stsystra.exe]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2005-12-15 11:44 839680]
"ShowLOMControl"="1 (0x1)" []
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 21:29 49152]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 11:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 02:02 86016]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe" [2005-08-30 17:42 823362]
"MMTray"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2005-09-08 20:20 110592]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-08-27 12:09 698864]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 10:24 16384]
"F-Secure Manager"="C:\Program Files\F-Secure Internet Security\Common\FSM32.exe" [2007-05-25 09:12 183208]
"F-Secure TNB"="C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2007-05-25 09:11 740208]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 10:23 202544]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-11-18 18:46:00 1724416]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-05-09 16:42:38 24576]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 05:21:22 288472]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 08:56:20 73728]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-05-03 23:07:32 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fccddde]
fccddde.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifecyv]
iifecyv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2007-05-25 09:09]
R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys [2007-11-01 03:02]
R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\F-Secure Internet Security\HIPS\fshs.sys [2008-04-26 11:01]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 10:23]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [2007-05-25 09:08]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" []
S3 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor;C:\WINDOWS\TEMP\F-Secure\Anti-Virus\fsblsrv.exe []
S3 SBAPIFS;SBAPIFS;C:\WINDOWS\system32\drivers\sbapifs.sys []
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [2007-05-25 09:09]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [2007-05-25 09:09]

*Newly Created Service* - PCD5SRVC{FBEA8B78-1B22F121-05040000}
.
Contents of the 'Scheduled Tasks' folder
"2008-03-21 13:51:57 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-18 01:05:46 C:\WINDOWS\Tasks\Scheduled scanning task.job"
- C:\PROGRA~1\F-SECU~1\ANTI-V~1\fsav.exeQ /HARD /POLICY /SCHED /NOBREAK /REPORT=C:\PROGRA~1\F-SECU~1\ANTI-V~1\report.txt
"2008-05-18 23:25:37 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-05-17 14:04:29 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-18 19:25:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE
-> C:\Program Files\F-Secure Internet Security\Common\fpshx.ENG
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
C:\Program Files\F-Secure Internet Security\FWES\program\fsdfwd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2008-05-18 19:37:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-18 23:37:01

Pre-Run: 41,944,133,632 bytes free
Post-Run: 43,007,574,016 bytes free

302 --- E O F --- 2008-05-17 07:49:06

Steamwiz,

I think this may have solved the issue, but I will test it out for a few more days.

Thanks

#6 steamwiz

steamwiz

  • Members
  • 1,039 posts
  • OFFLINE
  •  
  • Local time:08:38 PM

Posted 19 May 2008 - 03:26 PM

HI

Your logs certainly look better, but you're not totaly clean yet ...

Between them Malwarebytes' Anti-Malware & Combofix have removed a lot of malware, but KASPERSKY (which does not remove malware) still shows work to be done ...

Disconnect from the internet Close ALL browser windows (including this one) - run hijackthis and tick to fix (check the box next to) the list below.........when all are ticked (checked) click the Fix Checked button at the bottom. :-

O2 - BHO: (no name) - {1C55CA6D-2C5D-40DC-9EEA-6C3CEDD7BDD8} - C:\Program Files\ComPlus Applications\hoqezi83122.dll (file missing)

O2 - BHO: (no name) - {E50D4542-7258-4B96-9F59-7FB35636A975} - C:\Program Files\ComPlus Applications\hoqezi4444.dll (file missing)
O2 - BHO: (no name) - {F8C02889-DA6C-4AA0-85AA-FD5BB45E5858} - (no file)

O20 - Winlogon Notify: fccddde - fccddde.dll (file missing)
O20 - Winlogon Notify: iifecyv - iifecyv.dll (file missing)


THEN ...

Run another KASPERSKY ONLINE SCAN & post the REPORT

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware Posted Image

#7 epqe17

epqe17
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:38 PM

Posted 19 May 2008 - 10:45 PM

Steamwiz,

I ran it again and it still listed 30 viruses and 64 infected objects. Should I just purchase Kaspersky and clean up the files?

Here is the log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, May 19, 2008 11:37:56 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/05/2008
Kaspersky Anti-Virus database records: 786770
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 116948
Number of viruses found: 30
Number of infected objects: 64
Number of suspicious objects: 0
Duration of the scan process: 01:43:34

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\20080516232405\backup\DOCUME~1\Dan\LOCALS~1\Temp\NI.UGA6P_0001_N111M1707\setup.exe Object is locked skipped
C:\Documents and Settings\All Users\Application Data\F-Secure\logs\FSMA\fsma.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0f0e95f8a77cb7c76796871b4a2ca5f8_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5d9e686c802c929fdb4dbd7fc92b69c2_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d6efbc1341d686215828b8a529002890_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d953eda3e26304d35e06e3f99844845b_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\Dan\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\Dan\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
C:\Documents and Settings\Dan\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped
C:\Documents and Settings\Dan\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Documents and Settings\Dan\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\ApplicationHistory\sprtcmd.exe.63e7480d.ini.inuse Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.albumTable.cdx Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.albumTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.imageTable.cdx Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.imageTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.imageTable.fpt Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.keywordTable.cdx Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.keywordTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.propertiesTable.cdx Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.propertiesTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.ROFTable.cdx Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.ROFTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\SupportSoft\DellSupportCenter\Dan\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\History\History.IE5\MSHist012008051920080520\index.dat Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Temp\~DF3288.tmp Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Temp\~DF41C6.tmp Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Temp\~DFF60.tmp Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dan\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Dan\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\F-Secure Internet Security\Anti-Virus\dbupdate.log Object is locked skipped
C:\Program Files\F-Secure Internet Security\Anti-Virus\deleteme_msg.log Object is locked skipped
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe.Qrt.log Object is locked skipped
C:\Program Files\F-Secure Internet Security\Anti-Virus\perf.dat Object is locked skipped
C:\Program Files\F-Secure Internet Security\Anti-Virus\power.dat Object is locked skipped
C:\Program Files\F-Secure Internet Security\Common\policy.bpf Object is locked skipped
C:\Program Files\F-Secure Internet Security\Common\policy.ipf Object is locked skipped
C:\Program Files\F-Secure Internet Security\FSAUA\fsbwupst.log Object is locked skipped
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.dbg Object is locked skipped
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.log Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\1F.tmp Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\20.tmp Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\3F.tmp Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\40.tmp Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\66E.tmp Infected: not-a-virus:Downloader.Win32.WinFixer.dz skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\66F.tmp Infected: not-a-virus:Downloader.Win32.WinFixer.dz skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\670.tmp/data0003 Infected: Trojan.Win32.Scapur.k skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\670.tmp NSIS: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\670.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\671.tmp/data0006 Infected: Trojan-Downloader.Win32.VB.caw skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\671.tmp NSIS: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\671.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\672.tmp/UGA6P_0001_N122M2802NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\672.tmp CAB: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\672.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\674.tmp Infected: Trojan.Win32.Monder.gen skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\B.tmp Infected: Trojan.Win32.BHO.ab skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\C.tmp/data0004 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\C.tmp/data0005 Infected: Trojan-Clicker.HTML.IFrame.dn skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\C.tmp NSIS: infected - 2 skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\C.tmp CryptFF.b: infected - 2 skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\D.tmp Infected: Trojan.Win32.Agent.bck skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\euungjyh_688.VIR Infected: not-a-virus:AdWare.Win32.SecToolBar.f skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\euungjyh_964.VIR Infected: not-a-virus:AdWare.Win32.SecToolBar.f skipped
C:\Program Files\Trend Micro\Internet Security 12\Quarantine\euungjyh_970.VIR Infected: not-a-virus:AdWare.Win32.SecToolBar.f skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP517\A0139352.0ll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP517\A0139353.0ll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP517\A0139354.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP517\A0140352.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP518\A0142352.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP521\A0143443.0ll Infected: Trojan.Win32.Monder.cq skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP521\A0143448.0ll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP521\A0143449.0ll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP525\A0150526.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP525\A0150535.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP531\A0153991.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP531\A0153992.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP531\A0153993.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP531\A0153994.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP531\A0153995.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP531\A0153996.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP531\A0154015.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP531\A0155039.0ll Infected: Trojan.Win32.KillAV.rf skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP531\A0155040.0ll Infected: Trojan.Win32.KillAV.rf skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156065.DLL Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156066.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156070.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156071.0ll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156072.0ll Infected: Trojan.Win32.Monder.bl skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156073.0ll Infected: Trojan.Win32.Monder.ba skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156074.0ll Infected: Trojan.Win32.Monder.y skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156075.0ll Infected: Trojan.Win32.Monder.t skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156076.0ll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156077.0ll Infected: Trojan.Win32.Monder.az skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156078.0ll Infected: Trojan.Win32.Monder.bb skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156079.0ll Infected: Trojan.Win32.Monder.bl skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156080.0ll Infected: Trojan.Win32.Monder.ba skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156081.0ll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156082.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156083.0ll Infected: Trojan.Win32.Monder.bp skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156084.0ll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156085.0ll Infected: Trojan.Win32.Monder.az skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156086.0ll Infected: Trojan.Win32.Monder.az skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156087.0ll Infected: Trojan.Win32.Monder.ay skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156088.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156089.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156090.0ll Infected: Trojan.Win32.Monder.s skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156091.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156092.0ll Infected: Trojan.Win32.Monder.bc skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP532\A0156093.exe Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP539\A0165172.0ll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP539\A0165173.0ll Infected: Trojan.Win32.Monder.az skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP539\A0165174.0ll Infected: Trojan.Win32.Monder.v skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP539\A0165175.dll Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP540\A0165186.exe/file04 Infected: not-a-virus:RiskTool.Win32.PsKill.an skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP540\A0165186.exe/file14 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP540\A0165186.exe/file20 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP540\A0165186.exe/file23 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP540\A0165186.exe/file24 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP540\A0165186.exe/file26 Infected: not-a-virus:FraudTool.Win32.BestSeller.c skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP540\A0165186.exe/file34 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP540\A0165186.exe/file35 Infected: not-a-virus:FraudTool.Win32.BestSeller.k skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP540\A0165186.exe/file36 Infected: not-a-virus:FraudTool.Win32.BestSeller.a skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP540\A0165186.exe/file71 Infected: not-a-virus:Downloader.Win32.WinFixer.bm skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP540\A0165186.exe Inno: infected - 10 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP552\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_acc.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

#8 steamwiz

steamwiz

  • Members
  • 1,039 posts
  • OFFLINE
  •  
  • Local time:08:38 PM

Posted 20 May 2008 - 09:09 AM

Steamwiz,

I ran it again and it still listed 30 viruses and 64 infected objects. Should I just purchase Kaspersky and clean up the files?


No no no ... I have to go out now, but I'll be back later with instructions on how to remove those infected files for free.
steam

Edited by steamwiz, 20 May 2008 - 09:10 AM.

MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware Posted Image

#9 steamwiz

steamwiz

  • Members
  • 1,039 posts
  • OFFLINE
  •  
  • Local time:08:38 PM

Posted 20 May 2008 - 03:28 PM

HI

Open your Trend Micro Control panel ... go to the Quarantine folder & delete all

THEN ...

This will clear all your infected restore points...

Turn off (Disable) System Restore in XP :-

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer.

Then...

Turn on (enable) System Restore :-

Follow the same procedure, but this time uncheck Turn off System Restore

if you have any problem with this... here's a link to instructions :-


Disabling or enabling Windows XP System Restore >

http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

Run & post a new KASPERSKY ONLINE SCANNER REPORT

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware Posted Image

#10 epqe17

epqe17
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:38 PM

Posted 21 May 2008 - 04:25 AM

Steamwiz,

OK. I was able to clear the Quarantine folder for Trend Micro, but I couldn't get there through the Control Panel for Trend Micro (an error - pccmain.exe has encountered a problem and needs to close).

Here is the report:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, May 21, 2008 5:19:27 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/05/2008
Kaspersky Anti-Virus database records: 788626
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 109069
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:26:18

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\20080516232405\backup\DOCUME~1\Dan\LOCALS~1\Temp\NI.UGA6P_0001_N111M1707\setup.exe Object is locked skipped
C:\Documents and Settings\All Users\Application Data\F-Secure\logs\FSMA\fsma.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0f0e95f8a77cb7c76796871b4a2ca5f8_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5d9e686c802c929fdb4dbd7fc92b69c2_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d6efbc1341d686215828b8a529002890_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d953eda3e26304d35e06e3f99844845b_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\Dan\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped
C:\Documents and Settings\Dan\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped
C:\Documents and Settings\Dan\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped
C:\Documents and Settings\Dan\Application Data\Gtek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
C:\Documents and Settings\Dan\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\ApplicationHistory\sprtcmd.exe.63e7480d.ini.inuse Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\BVRP Software\NetWaiting\MoHlog.txt Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.albumTable.cdx Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.albumTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.imageTable.cdx Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.imageTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.imageTable.fpt Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.keywordTable.cdx Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.keywordTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.propertiesTable.cdx Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.propertiesTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.ROFTable.cdx Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\HP\Digital Imaging\db\t.ROFTable.dbf Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Application Data\SupportSoft\DellSupportCenter\Dan\state\logs\sprtcmd.log Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\History\History.IE5\MSHist012008052020080521\index.dat Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Temp\~DF3694.tmp Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Temp\~DF41D5.tmp Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Temp\~DFA6D4.tmp Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Dan\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dan\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Dan\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\F-Secure Internet Security\Anti-Virus\dbupdate.log Object is locked skipped
C:\Program Files\F-Secure Internet Security\Anti-Virus\deleteme_msg.log Object is locked skipped
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe.Qrt.log Object is locked skipped
C:\Program Files\F-Secure Internet Security\Anti-Virus\perf.dat Object is locked skipped
C:\Program Files\F-Secure Internet Security\Anti-Virus\power.dat Object is locked skipped
C:\Program Files\F-Secure Internet Security\Common\policy.bpf Object is locked skipped
C:\Program Files\F-Secure Internet Security\Common\policy.ipf Object is locked skipped
C:\Program Files\F-Secure Internet Security\FSAUA\fsbwupst.log Object is locked skipped
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.dbg Object is locked skipped
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.log Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\LOG\ERRORLOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_784.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

#11 steamwiz

steamwiz

  • Members
  • 1,039 posts
  • OFFLINE
  •  
  • Local time:08:38 PM

Posted 21 May 2008 - 01:14 PM

HI

That's what I like to see :thumbsup:

your first report showed :-

Number of viruses found: 32
Number of infected objects: 118

Your last one shows :-

Number of viruses found: 0
Number of infected objects: 0

pccmain.exe is the main executable for Trend Micro Internet Security suite ... your Trend Micro is corrupt & you don't need it, as you now have F-Secure Internet Security installed, you can uninstall it from add/remove programs.

Are you happy the problem is resolved ?

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware Posted Image

#12 epqe17

epqe17
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:04:38 PM

Posted 23 May 2008 - 10:42 PM

Steamwiz,

I'm very satisfied with your help and support! Thanks for resolving my problems.

#13 steamwiz

steamwiz

  • Members
  • 1,039 posts
  • OFFLINE
  •  
  • Local time:08:38 PM

Posted 24 May 2008 - 04:09 PM

You're very welcome :thumbsup:

Please Have a look here at ways to keep your computer safe :-

Simple steps to keep your computer secure! By Grinler > http://www.bleepingcomputer.com/forums/t/1628/simple-steps-to-keep-your-computer-secure/

& here :-

So how did I get infected in the first place? By TonyKlein > http://forums.spybot.info/showthread.php?t=279

Happy surfing

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware Posted Image

#14 steamwiz

steamwiz

  • Members
  • 1,039 posts
  • OFFLINE
  •  
  • Local time:08:38 PM

Posted 27 June 2008 - 02:38 PM

As this thread is resolved, :thumbsup: it is now locked.

If the original poster would like it re-opened, please send me a PM with a link to this thread.

cheers

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users