Need help - asap - tia



JesusMu2
2008-05-04, 00:50
Here is my HJT log. I tried Kaspersky and after 3:45 of scanning my computer froze - it did identify some threats.

Other things I have noticed:
Spybot scan runs automatically as soon as I log in.
Seems to be spyware, as I ran Norton Corporate and it found nothing.

thanks

HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56:57 AM, on 5/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Marimba\Castanet Tuner\Tuner.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Timbuktu Pro\tb2launch.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Timbuktu Pro\tb2logon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Timbuktu Pro\tb2pro.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PokerOffice\bin\javaw.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Yahoo!\Yahoo! Autosync\AutosyncForYahoo.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Timbuktu Pro\TNOTIFY.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\jemuialocal\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet.nar.capgemini.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://intranet.nar.capgemini.com/
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [TLogonPath] "C:\Program Files\Timbuktu Pro\tb2logon.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [ProfileBackup] wscript C:\windows\system32\Profilebackup.vbs
O4 - HKLM\..\Run: [POEngine] "C:\Program Files\PokerOffice\POEngine.exe" C:\Program Files\PokerOffice
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [BM4bb71f3e] Rundll32.exe "C:\WINDOWS\system32\qboxangn.dll",s
O4 - HKLM\..\Run: [48842ca2] rundll32.exe "C:\WINDOWS\system32\gmttrtjh.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader\reader_sl.exe
O4 - Global Startup: VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Yahoo! Autosync.lnk = C:\Program Files\Yahoo!\Yahoo! Autosync\AutosyncForYahoo.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O14 - IERESET.INF: START_PAGE_URL=myportal.nar.capgemini.com
O15 - Trusted Zone: *.nar.capgemini.com
O15 - Trusted Zone: *.capgemini.com
O15 - Trusted Zone: *.capgemini.fr
O15 - Trusted Zone: *.cgey.com
O15 - Trusted Zone: *.dell.com
O15 - Trusted Zone: *.resources.hewitt.com
O15 - Trusted Zone: *.hewitt.com
O15 - Trusted Zone: *.hp.com
O15 - Trusted Zone: *.insors.net
O15 - Trusted Zone: *.livemeeting.com
O15 - Trusted Zone: *.placeware.com
O15 - Trusted Zone: *.probusiness.com
O15 - Trusted Zone: *.skillport.com
O15 - Trusted Zone: *.skillsoft.com
O15 - Trusted Zone: *.sumtotalsystems.com
O15 - Trusted Zone: *.talkpoint.com
O15 - Trusted Zone: *.travelport.net
O15 - Trusted Zone: *.windowsmedia.com
O16 - DPF: {1A26F07F-0D60-4835-91CF-1E1766A0EC56} - http://scanner2.malware-scan.com/setup/webinst.cab
O16 - DPF: {29F9C6B1-034C-4B69-BE8C-C6106DB8227A} (ACCReqCheck.UserControl1) - http://software.nar.capgemini.com/files/ACCReqCheck.CAB
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpIR.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {510F7D77-85EE-4D67-95CA-1558F3791FD0} (Siebel High Interactivity Framework) - http://pokcdcrm02/sales_enu/20408/applets/SiebelAx_HI_Client.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209503189781
O16 - DPF: {82A019FE-4A3F-4F25-AD31-EEB33711C683} (Siebel Gantt Chart) - http://pokcdcrm02/sales_enu/20408/applets/SiebelAx_Gantt_Chart.cab
O16 - DPF: {D3BF9403-24D4-47C0-8D49-0954ADAE8338} (Project1.UserControl1) - http://software.nar.capgemini.com/files/Deployment.CAB
O16 - DPF: {E115DFA5-F746-49E7-9206-5084117AE67F} (Siebel Calendar) - http://pokcdcrm02/sales_enu/20408/applets/SiebelAx_Calendar.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na.capgemini.com
O17 - HKLM\Software\..\Telephony: DomainName = ws.na.capgemini.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = na.capgemini.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = na.capgemini.com,nar.capgemini.com,ws.na.capgemini.com,sv.na.capgemini.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = na.capgemini.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = na.capgemini.com,nar.capgemini.com,ws.na.capgemini.com,sv.na.capgemini.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = na.capgemini.com,nar.capgemini.com,ws.na.capgemini.com,sv.na.capgemini.com
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - PCTEL - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CGEYMARIMBA - Marimba, Inc. - C:\Program Files\Marimba\Castanet Tuner\Tuner.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Tb2 Launch (Tb2Launch) - Netopia, Inc. - C:\Program Files\Timbuktu Pro\tb2launch.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe

--
End of file - 11734 bytes

shelf life
2008-05-04, 05:58
hi JesusMu2,

This looks like it's a workplace computer to me. Is that the case? Nobody in house that can help you?

JesusMu2
2008-05-04, 16:17
It is - but I do not want to deal with their helpdesk - their approach a couple of years ago when something similar happened was to reimage my machine - I would like to do it with you guys if possible - I do have the admin password, so I can do stuff from safe mode if needed!

Thanks for answering

JesusMu2
2008-05-04, 17:40
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, May 04, 2008 10:38:11 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/05/2008
Kaspersky Anti-Virus database records: 738844
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 70732
Number of viruses found: 14
Number of infected objects: 48
Number of suspicious objects: 0
Duration of the scan process: 01:05:12

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012008050420080505\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\UserData\index.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D480000.VBN Infected: Trojan-Downloader.SWF.Gida.a skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D4C0000.VBN Infected: not-virus:Hoax.Win32.Renos.vm skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D840003.VBN Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\Documents and Settings\jemuialocal\Desktop\FairUse.Wizard.2.8.Pro\Setup.exe/data0000.cab/2NDTIE~1.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.qpm skipped
C:\Documents and Settings\jemuialocal\Desktop\FairUse.Wizard.2.8.Pro\Setup.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.qpm skipped
C:\Documents and Settings\jemuialocal\Desktop\FairUse.Wizard.2.8.Pro\Setup.exe Rsrc-Package: infected - 2 skipped
C:\Documents and Settings\jemuialocal\Local Settings\Temp\jpflpbli.dll Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\jemuialocal\Local Settings\Temp\ogapfojp.dll Infected: Packed.Win32.Monder.gen skipped
C:\Documents and Settings\jemuialocal\Local Settings\Temp\_bm1fcmlkZ2d0aG5rc19tYV9rdzFfbWE1cw_eWFob28uY29t_bm1fMTUyOTExXzAzNGIzYWM0MTU5YjExZGQ5ODRiMTUyOTExY2ZmZmZmX2M5NmIzZjk0YzY5MzQyYjRiMzVmOTExMTdkNjI2ODI0_.exe Infected: Trojan-Downloader.Win32.FraudLoad.oz skipped
C:\Documents and Settings\jemuialocal\Local Settings\Temp\_bm1fcmlkZ2d0aG5rc19tYV9rdzFfbWEzcw_cmVnaXN0ZXI_bm1fMTUyOTExXzAzNGIzYWM0MTU5YjExZGQ5ODRiMTUyOTExY2ZmZmZmX2M5NmIzZjk0YzY5MzQyYjRiMzVmOTExMTdkNjI2ODI0_.exe Infected: Trojan-Downloader.Win32.FraudLoad.oz skipped
C:\Documents and Settings\jemuialocal\My Documents\DL\A-Z Video Converter Ultimate v7.68 + Key [App][www.zonatorrent.com].rar/A-Z Video Converter Ultimate v7.68 + Key [App][www.zonatorrent.com]/Keygen/keygen.exe Infected: Virus.Win32.Parite.b skipped
C:\Documents and Settings\jemuialocal\My Documents\DL\A-Z Video Converter Ultimate v7.68 + Key [App][www.zonatorrent.com].rar/A-Z Video Converter Ultimate v7.68 + Key [App][www.zonatorrent.com]/Setup/az-video-converter-ultimate.exe Infected: Virus.Win32.Parite.b skipped
C:\Documents and Settings\jemuialocal\My Documents\DL\A-Z Video Converter Ultimate v7.68 + Key [App][www.zonatorrent.com].rar RAR: infected - 2 skipped
C:\Documents and Settings\jemuialocal\My Documents\DL\FairUse.Wizard.2.8.Pro.rar/FairUse.Wizard.2.8.Pro/Setup.exe/data0000.cab/2NDTIE~1.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.qpm skipped
C:\Documents and Settings\jemuialocal\My Documents\DL\FairUse.Wizard.2.8.Pro.rar/FairUse.Wizard.2.8.Pro/Setup.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.qpm skipped
C:\Documents and Settings\jemuialocal\My Documents\DL\FairUse.Wizard.2.8.Pro.rar/FairUse.Wizard.2.8.Pro/Setup.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.qpm skipped
C:\Documents and Settings\jemuialocal\My Documents\DL\FairUse.Wizard.2.8.Pro.rar RAR: infected - 3 skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Backup995\Backup995.exe Infected: not-a-virus:AdWare.Win32.Agent.nn skipped
C:\Program Files\MalwareAlarm\MalwareAlarm.exe Infected: not-a-virus:FraudTool.Win32.DrAntispy.bo skipped
C:\Program Files\MalwareAlarm\MalwareAlarm0.dll Infected: not-a-virus:FraudTool.Win32.BraveSentry.f skipped
C:\Program Files\MalwareAlarm\MalwareAlarm3.dll Infected: not-a-virus:FraudTool.Win32.BraveSentry.b skipped
C:\Program Files\MalwareAlarm\pv.exe Infected: not-a-virus:FraudTool.Win32.DrAntispy.bp skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{70E8B66B-65D7-47BD-9FEE-E057F1140A84}\RP129\A0062295.exe/data0000.cab/2NDTIE~1.EXE Infected: not-a-virus:AdWare.Win32.Virtumonde.qpm skipped
C:\System Volume Information\_restore{70E8B66B-65D7-47BD-9FEE-E057F1140A84}\RP129\A0062295.exe/data0000.cab Infected: not-a-virus:AdWare.Win32.Virtumonde.qpm skipped
C:\System Volume Information\_restore{70E8B66B-65D7-47BD-9FEE-E057F1140A84}\RP129\A0062295.exe Rsrc-Package: infected - 2 skipped
C:\System Volume Information\_restore{70E8B66B-65D7-47BD-9FEE-E057F1140A84}\RP129\A0062434.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{70E8B66B-65D7-47BD-9FEE-E057F1140A84}\RP129\A0062435.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{70E8B66B-65D7-47BD-9FEE-E057F1140A84}\RP129\A0062436.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{70E8B66B-65D7-47BD-9FEE-E057F1140A84}\RP130\A0062825.dll Infected: not-a-virus:FraudTool.Win32.BraveSentry.f skipped
C:\System Volume Information\_restore{70E8B66B-65D7-47BD-9FEE-E057F1140A84}\RP130\A0062827.dll Infected: not-a-virus:FraudTool.Win32.BraveSentry.b skipped
C:\System Volume Information\_restore{70E8B66B-65D7-47BD-9FEE-E057F1140A84}\RP130\A0062831.exe Infected: not-a-virus:FraudTool.Win32.DrAntispy.bp skipped
C:\System Volume Information\_restore{70E8B66B-65D7-47BD-9FEE-E057F1140A84}\RP131\A0063328.exe Infected: Trojan-Downloader.Win32.FraudLoad.oz skipped
C:\System Volume Information\_restore{70E8B66B-65D7-47BD-9FEE-E057F1140A84}\RP131\A0063331.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{70E8B66B-65D7-47BD-9FEE-E057F1140A84}\RP131\A0063333.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{70E8B66B-65D7-47BD-9FEE-E057F1140A84}\RP131\A0063334.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{70E8B66B-65D7-47BD-9FEE-E057F1140A84}\RP131\A0063335.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{70E8B66B-65D7-47BD-9FEE-E057F1140A84}\RP131\A0063336.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{70E8B66B-65D7-47BD-9FEE-E057F1140A84}\RP131\A0063337.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{70E8B66B-65D7-47BD-9FEE-E057F1140A84}\RP131\A0063338.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{70E8B66B-65D7-47BD-9FEE-E057F1140A84}\RP132\A0063397.dll Infected: Packed.Win32.Monder.gen skipped
C:\System Volume Information\_restore{70E8B66B-65D7-47BD-9FEE-E057F1140A84}\RP132\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\Netlogon.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\webinst.dll Infected: Trojan-Downloader.Win32.FraudLoad.tv skipped
C:\WINDOWS\Prefetch\layout.ini Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\ddcApmJd.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.pmr skipped
C:\WINDOWS\system32\gmttrtjh.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\ibmvxirr.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\jkkJcYom.dll_old Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\khfCrQJb.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\qboxangn.dll Infected: Packed.Win32.Monder.gen skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\xpupdate.exe Infected: Trojan-Downloader.Win32.FraudLoad.oz skipped

Scan process completed.

tashi
2008-05-04, 19:11
> hi JesusMu2,
>
> This looks like it's a workplace computer to me. Is that the case? Nobody in house that can help you?

> It is - but I do not want to deal with their helpdesk - their approach a couple of years ago when something similar happened was to reimage my machine - I would like to do it with you guys if possible - I do have the admin password, so I can do stuff from safe mode if needed!
>
> Thanks for answering
Hello,

Excuse me for edging in.

> I ran Norton Corporate and it found nothing.

If this machine belongs to a corporate organization, then Spybot-S&D would also be a Corporate edition? http://forums.spybot.info/showthread.php?t=16402

Please see: Personal computers or..... (http://forums.spybot.info/showpost.php?p=25712&postcount=5)


Note:
When the infected computer in question is a company machine in the workplace and you are an employee, your organization must give its permission for assistance to be received in the removal of malware. The intention of this forum is not to replace a company's IT department.

More than one machine could be at stake, possibly even the server. If sensitive material has been compromised by an infection, the company could be held liable.

Please inform your IT department or supervisor immediately when a workplace computer has been infected.

> I do have the admin password, so I can do stuff from safe mode if needed!

I don't know why an IT department would allow someone to have the administrator password; however, tools are downloaded and installed during a cleanup.

This forum is for PC owners where the user can make their own decisions about their own machines.

Best regards.