Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Mounting Infected Hd As Slave, Trend Finds Nothing


  • Please log in to reply
35 replies to this topic

#1 jerryc

jerryc

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Local time:09:38 AM

Posted 18 May 2008 - 01:20 PM

My XP comp got a nasty or two. Trend popped up with a warning that Trojan..... (not sure which, I think these from a log)

 cgiLog.exe?UID=8a660a32-e9d9-4991-b1ee-be10cf47447d&DATE=20080518&TIME=084903&EVENT=2&LOGIN=Administrator&VIRUS=TROJ%5fZLOB%2eCAB&FILE=bho%2eexe&COMPRESSEDFILE=&DIRECTORY=C%3a%5cProgram%20Files%5c&INFECTIONSOURCE=&FIRSTACTION=5&FIRSTSTATUS=-1&SECONDACTION=4&SECONDSTATUS=-1&RELEASE=7.0

( cgiLog.exe?UID=8a660a32-e9d9-4991-b1ee-be10cf47447d&DATE=20080518&TIME=084904&EVENT=2&LOGIN=Administrator&VIRUS=TROJ%5fDROPPER%2eZZB&FILE=antiviirus%2eexe&COMPRESSEDFILE=&DIRECTORY=C%3a%5cProgram%20Files%5c&INFECTIONSOURCE=&FIRSTACTION=5&FIRSTSTATUS=-1&SECONDACTION=4&SECONDSTATUS=-1&RELEASE=7.0

This is also from today

X cgiOnScan.exe?UID=8a660a32-e9d9-4991-b1ee-be10cf47447d&DATE=20080518&TIME=084900&EVENT=2

Here's another log from this am
20080506<;>937<;>HTML_IFRAME.HT<;>14<;>1<;>0<;>C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\RFHV35KO\theamateurtube[1].htm<;>
20080518<;>848<;>TROJ_ZLOB.CAB<;>10<;>1<;>0<;>C:\Program Files\bho.exe<;>
20080518<;>849<;>TROJ_DROPPER.ZZB<;>10<;>1<;>0<;>C:\Program Files\antiviirus.exe<;>

I cannot see these files in explorer, I do have 'view hidden files' set.


I rebooted into safemode and delelted temp and Temp Int files and then recycle bin. Rebooted again and the machine barely ran and I had virtually no control. Task manager is greyed out, desktop is changed, some email from this am seems to have disappeared. I removed HD and installed it as a slave in another comp and ran updated Trend several times, both antivirus and antimalware. Nothing found! ???
I am going to run a Kaspersky online scan now but otherwise will wait for replies before doing anything.
Thanks for any assistance.

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,488 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:38 AM

Posted 18 May 2008 - 01:25 PM

Please try this scan
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 jerryc

jerryc
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Local time:09:38 AM

Posted 18 May 2008 - 02:56 PM

thanks, the Kaspersky is running now, scanning the slave drive only and has found 12 virus so far, with 35% done. I'll do the other when it finishes.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,488 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:38 AM

Posted 18 May 2008 - 03:02 PM

OK keep us posted>
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 jerryc

jerryc
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Local time:09:38 AM

Posted 18 May 2008 - 04:14 PM

This is the Kaspersky scan, which is of only the i and j drives which are now the slave drives, were the OS from the other comp.
I'll do the other scan now.
Thanks


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, May 18, 2008 2:02:50 PM
Operating System: Microsoft Windows Server 2003, Standard Edition, Service Pack 2 (Build 3790)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 18/05/2008
Kaspersky Anti-Virus database records: 783219
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Folders:
I:\
J:\

Scan Statistics:
Total number of scanned objects: 29198
Number of viruses found: 16
Number of infected objects: 41
Number of suspicious objects: 0
Duration of the scan process: 01:29:41

Infected Object Name / Virus Name / Last Action
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\0x0404.ini Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\0x0407.ini Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\0x0408.ini Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\0x0409.ini Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\0x040a.ini Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\0x040c.ini Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\0x0410.ini Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\0x0411.ini Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\0x0412.ini Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\0x0416.ini Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\0x0804.ini Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\0x0816.ini Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\1033.mst Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\1033\btwizard.chm Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\1033\denmark.rtf Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\1033\dutch.rtf Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\1033\eng.rtf Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\1033\finland.rtf Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\1033\iphelp.chm Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\1033\ipres.dll Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\1033\leesmij.txt Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\1033\norway.rtf Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\1033\readme.txt Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\1033\setupres.dll Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\1033\srres.dll Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\1033\sweden.rtf Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\btwizard.exe Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\commands.xml Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\components\commands\dpgauto\dpgauto.dll Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\components\commands\dpgauto\dpgauto.xml Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\components\commands\dpgflip3d\dpgflip3d.dll Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\components\commands\dpgflip3d\dpgflip3d.xml Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\components\commands\dpggmg\dpggmg.dll Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\components\commands\dpggmg\dpggmg.xml Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\components\commands\dpghnt\dpghnt.dll Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\components\commands\dpghnt\dpghnt.xml Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\components\commands\dpgmacro\dpgmacro.dll Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\components\commands\dpgmacro\dpgmacro.xml Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\components\commands\dpgmgy\dpgmgy.dll Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\components\commands\dpgmgy\dpgmgy.xml Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\components\commands\dpgmgy\magnify.exe Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\components\commands\dpgql\dpgql.dll Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\components\commands\dpgql\dpgql.xml Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\difxapi.dll Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\dpgcmd.dll Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\dpgmkb.dll Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\dpgupdateinstall.exe Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\dplaunch.exe Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\dpupdchk.exe Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\hcg.chm Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\ipcoin10.dll Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\ipcplact.dll Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\ipcplbtn.dll Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\ipcplsens.dll Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\ipcplwhl.dll Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\ipcplwir.dll Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\ipoint.exe Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\macro.xsd Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\mhook.dll Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\basicopticalmouse\basicopticalmouse.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\basicopticalmouse\basicopticalmouse_button1.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\basicopticalmouse\basicopticalmouse_button2.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\basicopticalmouse\basicopticalmouse_button3.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\basicopticalmousev2.0\basicopticalmousev2.0.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\basicopticalmousev2.0\basicopticalmousev2.0_button1.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\basicopticalmousev2.0\basicopticalmousev2.0_button2.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\basicopticalmousev2.0\basicopticalmousev2.0_button3.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\comfortopticalmouse1000\comfortopticalmouse1000.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\comfortopticalmouse1000\comfortopticalmouse1000_button1.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\comfortopticalmouse1000\comfortopticalmouse1000_button2.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\comfortopticalmouse1000\comfortopticalmouse1000_button3.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\comfortopticalmouse3000\comfortopticalmouse3000.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\comfortopticalmouse3000\comfortopticalmouse3000_button1.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\comfortopticalmouse3000\comfortopticalmouse3000_button2.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\comfortopticalmouse3000\comfortopticalmouse3000_button3.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\comfortopticalmouse3000\comfortopticalmouse3000_magnifybutton.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\compactopticalmouse\compactopticalmouse.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\compactopticalmouse\compactopticalmouse_button1.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\compactopticalmouse\compactopticalmouse_button2.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\compactopticalmouse\compactopticalmouse_button3.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\compactopticalmouse500v2.0\compactopticalmouse500v2.0.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\compactopticalmouse500v2.0\compactopticalmouse500v2.0_button1.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\compactopticalmouse500v2.0\compactopticalmouse500v2.0_button2.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\compactopticalmouse500v2.0\compactopticalmouse500v2.0_button3.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\intellimouse\intellimouse.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\intellimouse\intellimouse_button1.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\intellimouse\intellimouse_button2.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\intellimouse\intellimouse_button3.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\intellimouseexplorer3.0\intellimouseexplorer3.0.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\intellimouseexplorer3.0\intellimouseexplorer3.0_button1.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\intellimouseexplorer3.0\intellimouseexplorer3.0_button2.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\intellimouseexplorer3.0\intellimouseexplorer3.0_button3.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\intellimouseexplorer3.0\intellimouseexplorer3.0_button4.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\intellimouseexplorer3.0\intellimouseexplorer3.0_button5.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\intellimouseexplorer4.0\intellimouseexplorer4.0.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\intellimouseexplorer4.0\intellimouseexplorer4.0_button1.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\intellimouseexplorer4.0\intellimouseexplorer4.0_button2.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\intellimouseexplorer4.0\intellimouseexplorer4.0_button3.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\intellimouseexplorer4.0\intellimouseexplorer4.0_button4.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\intellimouseexplorer4.0\intellimouseexplorer4.0_button5.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\intellimouseexplorerforbluetooth\intellimouseexplorerforbluetooth.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\intellimouseexplorerforbluetooth\intellimouseexplorerforbluetooth_button1.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\intellimouseexplorerforbluetooth\intellimouseexplorerforbluetooth_button2.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\intellimouseexplorerforbluetooth\intellimouseexplorerforbluetooth_button3.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\intellimouseexplorerforbluetooth\intellimouseexplorerforbluetooth_button4.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\intellimouseexplorerforbluetooth\intellimouseexplorerforbluetooth_button5.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\intellimouseoptical\intellimouseoptical.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\intellimouseoptical\intellimouseoptical_button1.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\intellimouseoptical\intellimouseoptical_button2.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\intellimouseoptical\intellimouseoptical_button3.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\intellimouseoptical\intellimouseoptical_button4.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\intellimouseoptical\intellimouseoptical_button5.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\lasermouse6000\lasermouse6000.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\lasermouse6000\lasermouse6000_button1.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\lasermouse6000\lasermouse6000_button2.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\lasermouse6000\lasermouse6000_button3.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\lasermouse6000\lasermouse6000_button4.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\lasermouse6000\lasermouse6000_button5.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\mobilememorymouse8000\mobilememorymouse8000.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\mobilememorymouse8000\mobilememorymouse8000_button1.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\mobilememorymouse8000\mobilememorymouse8000_button2.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\mobilememorymouse8000\mobilememorymouse8000_button3.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\mobilememorymouse8000\mobilememorymouse8000_button4.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\mobilememorymouse8000\mobilememorymouse8000_button5.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\mobileopticalmouse\mobileopticalmouse.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\mobileopticalmouse\mobileopticalmouse_button1.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\mobileopticalmouse\mobileopticalmouse_button2.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\mobileopticalmouse\mobileopticalmouse_button3.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\naturalwirelesslasermouse6000\naturalwirelesslasermouse6000.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\naturalwirelesslasermouse6000\naturalwirelesslasermouse6000_button1.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\naturalwirelesslasermouse6000\naturalwirelesslasermouse6000_button2.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\naturalwirelesslasermouse6000\naturalwirelesslasermouse6000_button3.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\naturalwirelesslasermouse6000\naturalwirelesslasermouse6000_button4.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\naturalwirelesslasermouse6000\naturalwirelesslasermouse6000_button5.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\naturalwirelesslasermouse7000\naturalwirelesslasermouse7000.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\naturalwirelesslasermouse7000\naturalwirelesslasermouse7000_button1.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\naturalwirelesslasermouse7000\naturalwirelesslasermouse7000_button2.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\naturalwirelesslasermouse7000\naturalwirelesslasermouse7000_button3.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\naturalwirelesslasermouse7000\naturalwirelesslasermouse7000_button4.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\naturalwirelesslasermouse7000\naturalwirelesslasermouse7000_button5.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\notebookopticalmouse\notebookopticalmouse.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\notebookopticalmouse\notebookopticalmouse_button1.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\notebookopticalmouse\notebookopticalmouse_button2.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\notebookopticalmouse\notebookopticalmouse_button3.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\notebookopticalmouse3000\notebookopticalmouse3000.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\notebookopticalmouse3000\notebookopticalmouse3000_button1.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\notebookopticalmouse3000\notebookopticalmouse3000_button2.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\notebookopticalmouse3000\notebookopticalmouse3000_button3.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\notebookopticalmouse3000\notebookopticalmouse3000_magnifybutton.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\opticalmouse\opticalmouse.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\opticalmouse\opticalmouse_button1.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\opticalmouse\opticalmouse_button2.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\opticalmouse\opticalmouse_button3.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\opticalmousebystarck\opticalmousebystarck.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\opticalmousebystarck\opticalmousebystarck_button1.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\opticalmousebystarck\opticalmousebystarck_button2.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\opticalmousebystarck\opticalmousebystarck_button3.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\sidewindermouse\sidewindermouse.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\sidewindermouse\sidewindermouse_button1.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\sidewindermouse\sidewindermouse_button2.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\sidewindermouse\sidewindermouse_button3.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\sidewindermouse\sidewindermouse_button4.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\sidewindermouse\sidewindermouse_button5.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\standardwirelessopticalmouse\standardwirelessopticalmouse.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\standardwirelessopticalmouse\standardwirelessopticalmouse_button1.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\standardwirelessopticalmouse\standardwirelessopticalmouse_button2.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\standardwirelessopticalmouse\standardwirelessopticalmouse_button3.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\trackballexplorer\trackballexplorer.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\trackballexplorer\trackballexplorer_button1.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\trackballexplorer\trackballexplorer_button2.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\trackballexplorer\trackballexplorer_button3.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\trackballexplorer\trackballexplorer_button4.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\trackballexplorer\trackballexplorer_button5.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\trackballoptical\trackballoptical.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\trackballoptical\trackballoptical_button1.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\trackballoptical\trackballoptical_button2.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\trackballoptical\trackballoptical_button3.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\trackballoptical\trackballoptical_button4.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\trackballoptical\trackballoptical_button5.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wheelmouse\wheelmouse.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wheelmouse\wheelmouse_button1.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wheelmouse\wheelmouse_button2.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wheelmouse\wheelmouse_button3.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wheelmouseoptical\wheelmouseoptical.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wheelmouseoptical\wheelmouseoptical_button1.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wheelmouseoptical\wheelmouseoptical_button2.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wheelmouseoptical\wheelmouseoptical_button3.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessintellimouseexplorer2.0\wirelessintellimouseexplorer2.0.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessintellimouseexplorer2.0\wirelessintellimouseexplorer2.0_button1.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessintellimouseexplorer2.0\wirelessintellimouseexplorer2.0_button2.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessintellimouseexplorer2.0\wirelessintellimouseexplorer2.0_button3.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessintellimouseexplorer2.0\wirelessintellimouseexplorer2.0_button4.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessintellimouseexplorer2.0\wirelessintellimouseexplorer2.0_button5.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessintellimouseexplorerforbluetooth\wirelessintellimouseexplorerforbluetooth.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessintellimouseexplorerforbluetooth\wirelessintellimouseexplorerforbluetooth_button1.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessintellimouseexplorerforbluetooth\wirelessintellimouseexplorerforbluetooth_button2.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessintellimouseexplorerforbluetooth\wirelessintellimouseexplorerforbluetooth_button3.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessintellimouseexplorerforbluetooth\wirelessintellimouseexplorerforbluetooth_button4.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessintellimouseexplorerforbluetooth\wirelessintellimouseexplorerforbluetooth_button5.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessintellimouseexplorerwithfingerprintreader\wirelessintellimouseexplorerwithfingerprintreader.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessintellimouseexplorerwithfingerprintreader\wirelessintellimouseexplorerwithfingerprintreader_button1.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessintellimouseexplorerwithfingerprintreader\wirelessintellimouseexplorerwithfingerprintreader_button2.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessintellimouseexplorerwithfingerprintreader\wirelessintellimouseexplorerwithfingerprintreader_button3.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessintellimouseexplorerwithfingerprintreader\wirelessintellimouseexplorerwithfingerprintreader_button4.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessintellimouseexplorerwithfingerprintreader\wirelessintellimouseexplorerwithfingerprintreader_button5.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelesslasermouse5000\wirelesslasermouse5000.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelesslasermouse5000\wirelesslasermouse5000_button1.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelesslasermouse5000\wirelesslasermouse5000_button2.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelesslasermouse5000\wirelesslasermouse5000_button3.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelesslasermouse5000\wirelesslasermouse5000_button4.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelesslasermouse5000\wirelesslasermouse5000_button5.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelesslasermouse6000\wirelesslasermouse6000.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelesslasermouse6000\wirelesslasermouse6000_button1.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelesslasermouse6000\wirelesslasermouse6000_button2.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelesslasermouse6000\wirelesslasermouse6000_button3.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelesslasermouse6000\wirelesslasermouse6000_button4.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelesslasermouse6000\wirelesslasermouse6000_button5.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelesslasermouse6000v2.0\wirelesslasermouse6000v2.0.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelesslasermouse6000v2.0\wirelesslasermouse6000v2.0_button1.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelesslasermouse6000v2.0\wirelesslasermouse6000v2.0_button2.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelesslasermouse6000v2.0\wirelesslasermouse6000v2.0_button3.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelesslasermouse6000v2.0\wirelesslasermouse6000v2.0_button4.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelesslasermouse6000v2.0\wirelesslasermouse6000v2.0_button5.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelesslasermouse7000\wirelesslasermouse7000.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelesslasermouse7000\wirelesslasermouse7000_button1.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelesslasermouse7000\wirelesslasermouse7000_button2.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelesslasermouse7000\wirelesslasermouse7000_button3.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelesslasermouse7000\wirelesslasermouse7000_button4.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelesslasermouse7000\wirelesslasermouse7000_button5.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelesslasermouse8000\wirelesslasermouse8000.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelesslasermouse8000\wirelesslasermouse8000_button1.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelesslasermouse8000\wirelesslasermouse8000_button2.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelesslasermouse8000\wirelesslasermouse8000_button3.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelesslasermouse8000\wirelesslasermouse8000_button4.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelesslasermouse8000\wirelesslasermouse8000_button5.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessnotebooklasermouse6000\wirelessnotebooklasermouse6000.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessnotebooklasermouse6000\wirelessnotebooklasermouse6000_button1.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessnotebooklasermouse6000\wirelessnotebooklasermouse6000_button2.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessnotebooklasermouse6000\wirelessnotebooklasermouse6000_button3.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessnotebooklasermouse6000\wirelessnotebooklasermouse6000_magnifybutton.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessnotebooklasermouse7000\wirelessnotebooklasermouse7000.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessnotebooklasermouse7000\wirelessnotebooklasermouse7000_button1.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessnotebooklasermouse7000\wirelessnotebooklasermouse7000_button2.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessnotebooklasermouse7000\wirelessnotebooklasermouse7000_button3.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessnotebooklasermouse7000\wirelessnotebooklasermouse7000_button4.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessnotebooklasermouse7000\wirelessnotebooklasermouse7000_button5.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessnotebookopticalmouse\wirelessnotebookopticalmouse.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessnotebookopticalmouse\wirelessnotebookopticalmouse_button1.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessnotebookopticalmouse\wirelessnotebookopticalmouse_button2.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessnotebookopticalmouse\wirelessnotebookopticalmouse_button3.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessnotebookopticalmouse3000\wirelessnotebookopticalmouse3000.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessnotebookopticalmouse3000\wirelessnotebookopticalmouse3000_button1.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessnotebookopticalmouse3000\wirelessnotebookopticalmouse3000_button2.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessnotebookopticalmouse3000\wirelessnotebookopticalmouse3000_button3.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessnotebookopticalmouse4000\wirelessnotebookopticalmouse4000.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessnotebookopticalmouse4000\wirelessnotebookopticalmouse4000_button1.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessnotebookopticalmouse4000\wirelessnotebookopticalmouse4000_button2.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessnotebookopticalmouse4000\wirelessnotebookopticalmouse4000_button3.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessnotebookopticalmouse4000\wirelessnotebookopticalmouse4000_magnifybutton.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessnotebookpresentermouse8000\wirelessnotebookpresentermouse8000.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessnotebookpresentermouse8000\wirelessnotebookpresentermouse8000_button1.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessnotebookpresentermouse8000\wirelessnotebookpresentermouse8000_button2.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessnotebookpresentermouse8000\wirelessnotebookpresentermouse8000_button3.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessnotebookpresentermouse8000\wirelessnotebookpresentermouse8000_button4.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessnotebookpresentermouse8000\wirelessnotebookpresentermouse8000_button5.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessopticalmouse2.0\wirelessopticalmouse2.0.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessopticalmouse2.0\wirelessopticalmouse2.0_button1.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessopticalmouse2.0\wirelessopticalmouse2.0_button2.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessopticalmouse2.0\wirelessopticalmouse2.0_button3.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessopticalmouse2000\wirelessopticalmouse2000.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessopticalmouse2000\wirelessopticalmouse2000_button1.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessopticalmouse2000\wirelessopticalmouse2000_button2.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessopticalmouse2000\wirelessopticalmouse2000_button3.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessopticalmouse5000\wirelessopticalmouse5000.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessopticalmouse5000\wirelessopticalmouse5000_button1.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessopticalmouse5000\wirelessopticalmouse5000_button2.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessopticalmouse5000\wirelessopticalmouse5000_button3.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessopticalmouse5000\wirelessopticalmouse5000_button4.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models\wirelessopticalmouse5000\wirelessopticalmouse5000_button5.bmp Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\models.xsd Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\mousemodels.xml Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\mousinfo.exe Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\mscmdmou.xml Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\nuidfltr.cat Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\nuidfltr.inf Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\nuidfltr.sys Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\pnt32pk.cat Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\pnt32pk.inf Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\pnt32pw.cat Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\pnt32pw.inf Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\pnt32uk.cat Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\pnt32uk.inf Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\pnt32uw.cat Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\pnt32uw.inf Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\point32.sys Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\point32k.sys Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\trans32.cat Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\trans32.inf Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\wdfcoinstaller01005.dll Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\fonts\swkeys1.ttf Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\fonts\swmacro.otf Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\instmsiw.exe Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\ip62.msi Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\oemkeys.exe Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\oemsetup.exe Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\setup.exe Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\setup.ini Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\lang.ini Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\prereq\msxml\x86\msxml6-kb933579-enu-x86.exe Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\prereq\msxml\x86\msxml6.msi Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\prereq\watson\x86\dw20shared.msi Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\prereq\windowsinstaller3.1v2\x86\windowsinstaller-kb893803-v2-x86.exe Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\setup.exe Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\setupstb.exe Object is locked skipped
I:\c5827f319b3a51fe9e1edbd422e7\unicows.dll Object is locked skipped
I:\Documents and Settings\Administrator\Local Settings\Temp\.tt6.tmp/stream/data0007 Infected: not-a-virus:FraudTool.Win32.WinFixer.g skipped
I:\Documents and Settings\Administrator\Local Settings\Temp\.tt6.tmp/stream Infected: not-a-virus:FraudTool.Win32.WinFixer.g skipped
I:\Documents and Settings\Administrator\Local Settings\Temp\.tt6.tmp NSIS: infected - 2 skipped
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\antiviirus.exe Infected: Trojan-Downloader.Win32.Small.ivo skipped
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\bho.exe Infected: not-a-virus:AdWare.Win32.E404.w skipped
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\go[1].htm Infected: Trojan-Clicker.HTML.IFrame.fp skipped
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\jar_cache39611.tmp/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\jar_cache39611.tmp/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\jar_cache39611.tmp/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\jar_cache39611.tmp ZIP: infected - 3 skipped
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\jar_cache39611.tmp CryptFF.b: infected - 3 skipped
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\jar_cache58800.tmp/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\jar_cache58800.tmp/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\jar_cache58800.tmp/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\jar_cache58800.tmp ZIP: infected - 3 skipped
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\jar_cache58800.tmp CryptFF.b: infected - 3 skipped
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\jar_cache58801.tmp/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\jar_cache58801.tmp/Counter.class Infected: Trojan.Java.ClassLoader.h skipped
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\jar_cache58801.tmp/Parser.class Infected: Trojan.Java.ClassLoader.d skipped
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\jar_cache58801.tmp ZIP: infected - 3 skipped
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\jar_cache58801.tmp CryptFF.b: infected - 3 skipped
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\jar_cache58802.tmp/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\jar_cache58802.tmp/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\jar_cache58802.tmp/NewSecurityClassLoader.class Infected: Exploit.Java.ByteVerify skipped
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\jar_cache58802.tmp/NewURLClassLoader.class Infected: Exploit.Java.ByteVerify skipped
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\jar_cache58802.tmp ZIP: infected - 4 skipped
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\jar_cache58802.tmp CryptFF.b: infected - 4 skipped
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\sploit[1].anr Infected: Trojan-Downloader.Win32.Ani.c skipped
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\sploit[1]_47c.VIR Infected: Trojan-Downloader.Win32.Ani.c skipped
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\sploit[1]_484.VIR Infected: Trojan-Downloader.Win32.Ani.c skipped
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\sploit[1]_488.VIR Infected: Trojan-Downloader.Win32.Ani.c skipped
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\sploit[1]_48c.VI0 Infected: Trojan-Downloader.Win32.Ani.c skipped
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\sploit[1]_48c.VIR Infected: Trojan-Downloader.Win32.Ani.c skipped
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\sploit[1]_490.VIR Infected: Trojan-Downloader.Win32.Ani.c skipped
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\sploit[1]_494.VIR Infected: Trojan-Downloader.Win32.Ani.c skipped
I:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
I:\WINDOWS\system32\ctfmona.exe Infected: Trojan.Win32.Agent.mtm skipped
I:\WINDOWS\system32\drivers\kqV06.sys Infected: Trojan-Dropper.Win32.Agent.ror skipped
I:\WINDOWS\system32\tuvWpQiI.dll Infected: Trojan-Downloader.Win32.ConHook.ru skipped
I:\WINDOWS\system32\WinCtrl32.dll Infected: Trojan-Downloader.Win32.Mutant.yf skipped
I:\WINDOWS\system32\WinCtrl32.dl_ Infected: Trojan-Downloader.Win32.Mutant.yf skipped
J:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

#6 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:09:38 AM

Posted 18 May 2008 - 04:24 PM

===== Locked Objects =====

Number of items = 317

I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\1033\ipres.dll
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\1033\setupres.dll
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\1033\srres.dll
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\btwizard.exe
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\components\commands\dpgauto\dpgauto.dll
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\components\commands\dpgflip3d\dpgflip3d.dll
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\components\commands\dpggmg\dpggmg.dll
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\components\commands\dpghnt\dpghnt.dll
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\components\commands\dpgmacro\dpgmacro.dll
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\components\commands\dpgmgy\dpgmgy.dll
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\components\commands\dpgmgy\magnify.exe
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\components\commands\dpgql\dpgql.dll
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\difxapi.dll
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\dpgcmd.dll
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\dpgmkb.dll
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\dpgupdateinstall.exe
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\dplaunch.exe
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\dpupdchk.exe
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\ipcoin10.dll
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\ipcplact.dll
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\ipcplbtn.dll
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\ipcplsens.dll
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\ipcplwhl.dll
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\ipcplwir.dll
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\ipoint.exe
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\mhook.dll
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\mousinfo.exe
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\nuidfltr.sys
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\point32.sys
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\point32k.sys
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\files\wdfcoinstaller01005.dll
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\instmsiw.exe
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\oemkeys.exe
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\oemsetup.exe
I:\c5827f319b3a51fe9e1edbd422e7\ipoint\setup\setup.exe
I:\c5827f319b3a51fe9e1edbd422e7\prereq\msxml\x86\msxml6-kb933579-enu-x86.exe
I:\c5827f319b3a51fe9e1edbd422e7\prereq\windowsinstaller3.1v2\x86\windowsinstaller-kb893803-v2-x86.exe
I:\c5827f319b3a51fe9e1edbd422e7\setup.exe
I:\c5827f319b3a51fe9e1edbd422e7\setupstb.exe
I:\c5827f319b3a51fe9e1edbd422e7\unicows.dll

===== Infected Objects =====

"I:\Documents and Settings\Administrator\Local Settings\Temp\.tt6.tmp"
"I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\antiviirus.exe"
"I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\bho.exe"
"I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\go[1].htm"
"I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\jar_cache39611.tmp"
"I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\jar_cache58800.tmp"
"I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\jar_cache58801.tmp"
"I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\jar_cache58802.tmp"
"I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\sploit[1].anr"
"I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\sploit[1]_47c.VIR"
"I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\sploit[1]_484.VIR"
"I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\sploit[1]_488.VIR"
"I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\sploit[1]_48c.VI0"
"I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\sploit[1]_48c.VIR"
"I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\sploit[1]_490.VIR"
"I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\sploit[1]_494.VIR"
"I:\WINDOWS\system32\ctfmona.exe"
"I:\WINDOWS\system32\drivers\kqV06.sys"
"I:\WINDOWS\system32\tuvWpQiI.dll"
"I:\WINDOWS\system32\WinCtrl32.dll"
"I:\WINDOWS\system32\WinCtrl32.dl_"

===== Details =====

Number of items = 40
Number of viruses found: 16
Number of infected objects: 41
Number of suspicious objects: 0

I:\Documents and Settings\Administrator\Local Settings\Temp\.tt6.tmp/stream/data0007 --> FraudTool.Win32.WinFixer.g
I:\Documents and Settings\Administrator\Local Settings\Temp\.tt6.tmp/stream --> FraudTool.Win32.WinFixer.g
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\antiviirus.exe --> Trojan-Downloader.Win32.Small.ivo
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\bho.exe --> Win32.E404.w
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\go[1].htm --> Trojan-Clicker.HTML.IFrame.fp
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\jar_cache39611.tmp/BlackBox.class --> Exploit.Java.ByteVerify
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\jar_cache39611.tmp/VerifierBug.class --> Exploit.Java.ByteVerify
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\jar_cache39611.tmp/Beyond.class --> Trojan-Downloader.Java.OpenConnection.aa
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\jar_cache58800.tmp/BlackBox.class --> Exploit.Java.ByteVerify
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\jar_cache58800.tmp/VerifierBug.class --> Exploit.Java.ByteVerify
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\jar_cache58800.tmp/Beyond.class --> Trojan-Downloader.Java.OpenConnection.aa
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\jar_cache58801.tmp/Matrix.class --> Trojan-Downloader.Java.OpenStream.c
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\jar_cache58801.tmp/Counter.class --> Trojan.Java.ClassLoader.h
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\jar_cache58801.tmp/Parser.class --> Trojan.Java.ClassLoader.d
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\jar_cache58802.tmp/GetAccess.class --> Trojan-Downloader.Java.OpenConnection.aj
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\jar_cache58802.tmp/Installer.class --> Trojan-Downloader.Java.OpenConnection.aj
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\jar_cache58802.tmp/NewSecurityClassLoader.class --> Exploit.Java.ByteVerify
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\jar_cache58802.tmp/NewURLClassLoader.class --> Exploit.Java.ByteVerify
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\sploit[1].anr --> Trojan-Downloader.Win32.Ani.c
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\sploit[1]_47c.VIR --> Trojan-Downloader.Win32.Ani.c
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\sploit[1]_484.VIR --> Trojan-Downloader.Win32.Ani.c
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\sploit[1]_488.VIR --> Trojan-Downloader.Win32.Ani.c
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\sploit[1]_48c.VI0 --> Trojan-Downloader.Win32.Ani.c
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\sploit[1]_48c.VIR --> Trojan-Downloader.Win32.Ani.c
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\sploit[1]_490.VIR --> Trojan-Downloader.Win32.Ani.c
I:\Program Files\Trend Micro\OfficeScan Client\SUSPECT\sploit[1]_494.VIR --> Trojan-Downloader.Win32.Ani.c
I:\WINDOWS\system32\ctfmona.exe --> Trojan.Win32.Agent.mtm
I:\WINDOWS\system32\drivers\kqV06.sys --> Trojan-Dropper.Win32.Agent.ror
I:\WINDOWS\system32\tuvWpQiI.dll --> Trojan-Downloader.Win32.ConHook.ru
I:\WINDOWS\system32\WinCtrl32.dll --> Trojan-Downloader.Win32.Mutant.yf
I:\WINDOWS\system32\WinCtrl32.dl_ --> Trojan-Downloader.Win32.Mutant.yf
Chewy

No. Try not. Do... or do not. There is no try.

#7 jerryc

jerryc
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Local time:09:38 AM

Posted 18 May 2008 - 04:28 PM

This is the Malwarebites report; apparently it only scanned the Master drive and not the slave, where the problems are. I'll check settings and re-do it if I can.

--------------------------------------------

Malwarebytes' Anti-Malware 1.12
Database version: 762

Scan type: Quick Scan
Objects scanned: 34763
Time elapsed: 7 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:09:38 AM

Posted 18 May 2008 - 04:31 PM

If you just open my computer and right click scan with mbam
Chewy

No. Try not. Do... or do not. There is no try.

#9 jerryc

jerryc
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Local time:09:38 AM

Posted 18 May 2008 - 05:06 PM

This is i and j drives; will do remove now. Ah. remove seems successful; do you think I should remount the HD in original comp and boot up?
----------------------------------

Malwarebytes' Anti-Malware 1.12
Database version: 762

Scan type: Full Scan (I:\|J:\|)
Objects scanned: 60563
Time elapsed: 26 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
I:\WINDOWS\system32\blackster.scr (Trojan.Agent) -> No action taken.
I:\WINDOWS\system32\ctfmona.exe (Trojan.Agent) -> No action taken.
I:\WINDOWS\system32\ctfmonb.bmp (Malware.Trace) -> No action taken.
I:\WINDOWS\system32\rqRLdBqO.dll (Trojan.Vundo) -> No action taken.
I:\WINDOWS\system32\tuvWpQiI.dll (Trojan.Vundo) -> No action taken.
I:\WINDOWS\system32\drivers\kqV06.sys (Trojan.Agent) -> No action taken.

===============



Malwarebytes' Anti-Malware 1.12
Database version: 762

Scan type: Full Scan (I:\|J:\|)
Objects scanned: 60563
Time elapsed: 26 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
I:\WINDOWS\system32\blackster.scr (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\ctfmona.exe (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\ctfmonb.bmp (Malware.Trace) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\rqRLdBqO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\tuvWpQiI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\drivers\kqV06.sys (Trojan.Agent) -> Quarantined and deleted successfully.

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,488 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:38 AM

Posted 18 May 2008 - 07:55 PM

Looks clean now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#11 jerryc

jerryc
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Local time:09:38 AM

Posted 18 May 2008 - 10:38 PM

That didn't work out so well. Booted fairly fast, but now still has a different desktop color, most other things aren't starting, and when I right clicked the desktop and properties, the system is now completely locked up there, nothing moves at all. Task manager is still greyed out too.
I'll re install as slave in this machine and re scan. Any other things you know of besides Malwarebites I should try?

#12 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:09:38 AM

Posted 18 May 2008 - 10:50 PM

the registry is still infected, you can't scan it from another computer
Chewy

No. Try not. Do... or do not. There is no try.

#13 jerryc

jerryc
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Local time:09:38 AM

Posted 18 May 2008 - 11:20 PM

Ah, I wondered about that. So I'm running the drive in the original comp again and have gone to safemode, found a bunch of stuff in temp and Temp int files (I had deleted everything in there this AM so????) that seemed to be from this attack, such as 'monstermarketplace...something or other', and deleted those and emptied recycle bin. Rebooted normal and it's running faster, Trend immediately gave a 'Troj_mutant.co' also. but still the wrong desktop color. I did have a task bar for a bit but that is now gone, and no start button, windows key doesn't work either, so I can't access programs nor 'run'. Hmmm.

Any thoughts on Trend's 'Suspect' file? should I empty that in safemode? Also, when this was a slave in the other comp I 'explored' it and C:/windows/temp had stuff in it. When I first booted into safemode and could go to 'explore' I looked at that and it was empty, but I hadn't done anything in the meanwhile. ???

I saved a copy of the registry a couple of weeks ago btw, if that's of interest.
Thanks for your help

#14 jerryc

jerryc
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Local time:09:38 AM

Posted 18 May 2008 - 11:52 PM

Interesting; So I rebooted into 'safemode with networking', deleted contents of C: windows/temp; Oh, ignore that part above about the 'temp'; my mistake.
I DL'd Malwarebites to this comp and reran, 24 issues, all successfully deleted. Taskmanager is still greyed out however.
I will reboot to safemode again and rescan.
-----------------------------------------------------

Malwarebytes' Anti-Malware 1.12
Database version: 765

Scan type: Quick Scan
Objects scanned: 33167
Time elapsed: 3 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 11
Registry Values Infected: 8
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{18f4fbd5-cde8-492c-9365-1912378eecfe} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18f4fbd5-cde8-492c-9365-1912378eecfe} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winctrl32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1662e41f-289a-4615-8e09-75b1aa165935} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\80e431cf (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{18f4fbd5-cde8-492c-9365-1912378eecfe} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\Wallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\OriginalWallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\ConvertedWallpaper (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\SCRNSAVE.EXE (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\DriveSrv (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\advap32 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\nacatnqg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gqntacan.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Resources\DriveSrv.dll (Trojan.Clicker) -> Quarantined and deleted successfully.

#15 jerryc

jerryc
  • Topic Starter

  • Members
  • 91 posts
  • OFFLINE
  •  
  • Local time:09:38 AM

Posted 19 May 2008 - 12:17 AM

rescanned, found more stuff. 'Restore' seems to be part of things, ought I turn off System Restore and redo? The unloaded mem module seems to have come back also, after rebooting which was supposed to take care of that.
-----------------------------------------------------


Malwarebytes' Anti-Malware 1.12
Database version: 765

Scan type: Full Scan (C:\|G:\|)
Objects scanned: 59036
Time elapsed: 10 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winctrl32 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{D76C6AC2-2DFC-427B-BB21-A0124E19A07B}\RP1\A0001005.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D76C6AC2-2DFC-427B-BB21-A0124E19A07B}\RP1\A0001024.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D76C6AC2-2DFC-427B-BB21-A0124E19A07B}\RP1\A0001033.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D76C6AC2-2DFC-427B-BB21-A0124E19A07B}\RP1\A0001046.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Delete on reboot.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users