kookster
2008-05-12, 04:54
Hello all,
I have no hair left..have spent the last week trying everything including the helpdesk to fix the problem...no joy. "rundll" error..."warning: spyware..." desktop....Can you please help me...PLEASE
Here is the HJT and Kaspersky logs:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:32, on 2008-05-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Drivers\trcboot.exe
C:\Program Files\EDS\ADCClientServices\Client\ADCClientHost.exe
C:\Program Files\EDS\ADCClientServices\DownloadManager\ADCDownloadMgrHost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\eds\ucr\edsencryptionmonitor.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\U.exe
C:\WINDOWS\winself.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\WINDOWS\winsysse.exe
C:\WINDOWS\system32\Prot_srv.exe
C:\Program Files\Pointsec\Connect\PointSecConnect.exe
C:\WINDOWS\system32\pstartSr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\WebDrive\wdService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\System32\CCM\CcmExec.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wmsdkns.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\EDS\ADCClientServices\DownloadManager\ADCPasswordMonitor.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by EDS COE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://inet-pac.sabre.com:81/eds-proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=Internetpln.eds.com:81;gopher=Internetpln.eds.com:80;http=Internetpln.eds.com:80;https=Internetpln.eds.com:443;socks=eds-socks.sabre.com:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.eds.com;<local>
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O1 - Hosts: 198.132.135.57 USPLM150
O1 - Hosts: 198.132.135.24 USPLM231
O1 - Hosts: 198.132.135.23 USPLM232
O1 - Hosts: 198.132.135.26 USPLM233
O1 - Hosts: 198.132.135.43 USPLM234
O1 - Hosts: 198.132.135.20 USPLM235
O1 - Hosts: 198.132.135.21 USPLM236
O1 - Hosts: 198.132.135.25 USPLM237
O1 - Hosts: 198.132.135.27 USPLM238
O1 - Hosts: 198.132.135.46 USPLM239
O1 - Hosts: 198.132.135.51 USPLM301
O1 - Hosts: 205.191.22.41 eim.eds.com
O1 - Hosts: 162.92.161.243 helpdesk
O1 - Hosts: 204.104.80.71 lc.gld.eds.com
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: BHelper Objects - {0BD8D6AE-A0BE-4CD2-9A7D-E440E33C3227} - C:\WINDOWS\system32\winsconfg.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {1442efea-f280-46df-afcb-4d9c439ac130} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {20264D19-91A1-492D-8988-9A6C11F1A403} - C:\WINDOWS\system32\mlljg.dll (file missing)
O2 - BHO: (no name) - {348363a5-098a-414c-81f3-f692e98440e3} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: {84d44915-10a4-fd1b-e9d4-f05ef1be2ca5} - {5ac2eb1f-e50f-4d9e-b1df-4a0151944d48} - C:\WINDOWS\system32\wnkpyuma.dll (file missing)
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {5fadbc5d-c153-487e-abb3-1be3ccde1527} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {7482E88C-216D-415F-B008-93315AB69225} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {ba18bdcb-9d70-4d52-badb-edb52d6ad20d} - (no file)
O2 - BHO: (no name) - {C32BC553-A1F9-489C-BAA8-7B9C297B45DA} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {D0DD2D0B-4DF6-4195-9ECF-9000AA5EA3AA} - (no file)
O2 - BHO: (no name) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [Pointsec Tray] C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe
O4 - HKLM\..\Run: [EMFINV] C:\Program Files\Eds\EmfInv\emfinv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [BM01d11728] Rundll32.exe "C:\WINDOWS\system32\ckmbceqf.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Password Monitor.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: VPN Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.helpdesk
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203125582546
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://sslvpnpl.eds.com/ICSScanner.cab
O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} (SlimClient Class) -
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.5.0_01) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = amer.corp.eds.com
O17 - HKLM\Software\..\Telephony: DomainName = amer.corp.eds.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = amer.corp.eds.com
O20 - Winlogon Notify: mlljg - C:\WINDOWS\system32\mlljg.dll (file missing)
O20 - Winlogon Notify: pmnll - C:\WINDOWS\system32\pmnll.dll (file missing)
O20 - Winlogon Notify: pmnmmnm - pmnmmnm.dll (file missing)
O20 - Winlogon Notify: vturs - C:\WINDOWS\system32\vturs.dll (file missing)
O23 - Service: ADC Client Service (ADCClientService) - Unknown owner - C:\Program Files\EDS\ADCClientServices\Client\ADCClientHost.exe
O23 - Service: ADC Download Manager Service (ADCDownloadMgrService) - Unknown owner - C:\Program Files\EDS\ADCClientServices\DownloadManager\ADCDownloadMgrHost.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EDS Encryption Monitor (EdsEncryptionMonitor) - EDS - c:\program files\eds\ucr\edsencryptionmonitor.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: MsSecurity (MsSecurity1.203.2) - Unknown owner - C:\WINDOWS\U.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\winsysse.exe
O23 - Service: Pointsec - Unknown owner - C:\WINDOWS\system32\Prot_srv.exe
O23 - Service: Pointsec Connect - Pointsec Mobile Technologies AB - C:\Program Files\Pointsec\Connect\PointSecConnect.exe
O23 - Service: Pointsec Service Start (Pointsec_start) - Unknown owner - C:\WINDOWS\system32\pstartSr.exe
O23 - Service: Sabre Print (SabrePrint) - Unknown owner - C:\Program Files\The Sabre Group\Print32\OADP.EXE (file missing)
O23 - Service: ServiceCenter - Unknown owner - C:\Program Files\ServiceCenter\RUN\scservic.exe (file missing)
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\System32\Drivers\trcboot.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WebDrive Service (WebDriveService) - South River Technologies, LLC - C:\Program Files\WebDrive\wdService.exe
--
End of file - 15985 bytes
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2008-05-11 14:21
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 11/05/2008
Kaspersky Anti-Virus database records: 757206
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 95946
Number of viruses found: 19
Number of infected objects: 96
Number of suspicious objects: 4
Duration of the scan process: 03:28:10
Infected Object Name / Virus Name / Last Action
C:\Burner\Downloads\Spy Agent 4.0.exe/Deploy.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.43302 skipped
C:\Burner\Downloads\Spy Agent 4.0.exe/SpyRename.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.40001 skipped
C:\Burner\Downloads\Spy Agent 4.0.exe Vise: infected - 2 skipped
C:\Program Files\CA\eTrust Antivirus\DB\rtmaster.dbf Object is locked skipped
C:\Program Files\CA\eTrust Antivirus\DB\rtmaster.ntx Object is locked skipped
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.log Object is locked skipped
C:\Program Files\EDS\ADCClientServices\Client\ADCClient_trace.log Object is locked skipped
C:\Program Files\EDS\ADCClientServices\DownloadManager\ADCDownloadMgr_trace.log Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Pointsec\Pointsec for PC\ConnectLog.txt Object is locked skipped
C:\RECYCLER\S-1-5-21-300545608-800939146-3067286663-1010\Dc2\Installer\BSInstall5.2.5.1.exe/WISE0026.BIN/clientax.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
C:\RECYCLER\S-1-5-21-300545608-800939146-3067286663-1010\Dc2\Installer\BSInstall5.2.5.1.exe/WISE0026.BIN Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
C:\RECYCLER\S-1-5-21-300545608-800939146-3067286663-1010\Dc2\Installer\BSInstall5.2.5.1.exe WiseSFX: infected - 2 skipped
C:\RECYCLER\S-1-5-21-300545608-800939146-3067286663-1010\Dc2\Installer\BSInstall5.2.5.1.exe WiseSFXDropper: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180898.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ayt skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180900.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180901.dll Infected: Trojan.Win32.Monder.bs skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180902.dll Infected: Trojan.Win32.Monder.bs skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180903.dll Infected: Trojan.Win32.Monder.bs skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180904.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180905.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180906.dll Infected: Trojan.Win32.Monder.bs skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180907.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180908.dll Infected: Trojan.Win32.Monder.bs skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180909.dll Infected: Trojan.Win32.Monder.bs skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180910.dll Infected: Trojan.Win32.Monder.bs skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180911.dll Infected: Trojan.Win32.Monder.bs skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180912.dll Infected: Trojan.Win32.Monder.bs skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180913.dll Infected: Trojan.Win32.Monder.bs skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180914.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180915.dll Infected: Trojan.Win32.Monder.bs skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180916.dll Infected: Trojan.Win32.Monder.bs skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180917.dll Infected: Trojan.Win32.Monder.bs skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180918.dll Infected: Trojan.Win32.Monder.bs skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180919.dll Infected: Trojan.Win32.Monder.bs skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180920.dll Infected: Trojan.Win32.Monder.bs skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180921.dll Infected: Trojan.Win32.Monder.bs skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP730\A0185474.dll Infected: Trojan.Win32.Monder.bs skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP730\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\dao360.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\expsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msexch40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msexcl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msjet40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msjetol1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msjetoledb40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msjint40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msjter40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msjtes40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msltus40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\mspbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msrd2x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msrd3x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msrepl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\mstext40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\mswdat10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\mswstr10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msxbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\vbajet32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB833987$\sxs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB833998$\shell32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB833998$\sxs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\cmdevtgprov.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\evtgprov.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\xpsp2res.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetol1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\wmpcore.dll Object is locked skipped
C:\WINDOWS\antisp32.exe Infected: Trojan-Downloader.Win32.Agent.oht skipped
C:\WINDOWS\Debug\Netlogon.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\default.htm Infected: not-virus:Hoax.HTML.Secureinvites.b skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\lfn.exe Infected: not-virus:Hoax.Win32.Renos.cda skipped
C:\WINDOWS\oopsdefault.htm Infected: not-virus:Hoax.HTML.Secureinvites.b skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\bhfiekxd.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\bhybnbjv.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\CCM\Cache\000001AE.10.System\Documents\Summary_files\BIT85D.tmp Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\CAS.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\CcmExec.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\CertificateMaintenance.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\ClientIDManagerStartup.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\ContentTransferManager.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\DataTransferService.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\execmgr.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\InventoryAgent.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\LocationServices.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\mtrmgr.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\PatchInstall.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\PatchUIMonitor.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\PolicyAgent.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\PolicyAgentProvider.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\PolicyEvaluator.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\Scheduler.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\SrcUpdateMgr.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\StatusAgent.log Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\CertificateMaintenanceEndpoint\0000006R.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\CertificateMaintenanceEndpoint\0000006R.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\CTMDTSReply\00000026.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\CTMDTSReply\00000026.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\execmgr\00000011.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\execmgr\00000011.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\InventoryAgent\00000005.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\InventoryAgent\00000005.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\LS_ReplyLocations\0000000V.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\LS_ReplyLocations\0000000V.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\LS_ScheduledCleanup\0000001Y.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\LS_ScheduledCleanup\0000001Y.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\MtrMgr\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\MtrMgr\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PatchUIMonitor\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PatchUIMonitor\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_Cleanup\00000011.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_Cleanup\00000011.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_PolicyDownload\00000007.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_PolicyDownload\00000007.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_PolicyEvaluator\000003NU.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_PolicyEvaluator\000003NU.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_ReplyAssignments\00000006.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_ReplyAssignments\00000006.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_RequestAssignments\0000018M.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_RequestAssignments\0000018M.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_ReRequestPolicy\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_ReRequestPolicy\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\RemoteToolsAgent\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\RemoteToolsAgent\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\SrcUpdateMgr\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\SrcUpdateMgr\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\SWMTRReportGen\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\SWMTRReportGen\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\UpdatesInstallMgr\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\UpdatesInstallMgr\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\UploadProtocol\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\UploadProtocol\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\amp_[http]mp_locationmanager\0000007X.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\amp_[http]mp_locationmanager\0000007X.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\direct_usahsemf200_uploadprotocol\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\direct_usahsemf200_uploadprotocol\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\direct_usplsemf100_uploadprotocol\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\direct_usplsemf100_uploadprotocol\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_ddrendpoint\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_ddrendpoint\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_hinvendpoint\00000003.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_hinvendpoint\00000003.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_sinvendpoint\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_sinvendpoint\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_statusreceiver\0000001D.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_statusreceiver\0000001D.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_statusreceiver\0000001E.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_statusreceiver\0000001E.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_[http]mp_locationmanager\000000FG.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_[http]mp_locationmanager\000000FG.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_[http]mp_policymanager\000000EK.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_[http]mp_policymanager\000000EK.que Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Pointsec.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\cwyafebp.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\dxbvawne.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\eijdxjwb.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\eujxdgfs.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\fehcgspx.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\fettxpoe.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\gabjmhju.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\gpnawwkj.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\hlnbjiio.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\ijkbbxfs.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\inrynpvy.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\jsrsxxkw.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\lgjxgbfa.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\lhriqtiq.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\lkgrxdlm.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\lpfbocna.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\lucjklcc.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\nxcafooy.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\rxddomwr.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\sgxhppts.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\slmowucl.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\vxrvfhut.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wcvxedtq.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\whivvpau.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\wmsdkns.exe Infected: not-virus:Hoax.Win32.Renos.cda skipped
C:\WINDOWS\system32\wugehanj.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\Temp\Perflib_Perfdata_3ac.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\winself.exe Infected: Trojan-Downloader.Win32.Agent.oht skipped
D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
D:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecondThoughtSTCLoader.zip/stcloader.exe Suspicious: Password-protected-EXE skipped
D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecondThoughtSTCLoader.zip ZIP: suspicious - 1 skipped
D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecondThoughtSTCLoader5.zip/stcloader.exe Suspicious: Password-protected-EXE skipped
D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecondThoughtSTCLoader5.zip ZIP: suspicious - 1 skipped
D:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\xzj7d3\Application Data\$_hpcst$.hpc Object is locked skipped
D:\Documents and Settings\xzj7d3\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\xzj7d3\Local Settings\Application Data\Microsoft\Outlook\2005archive.pst/2005 Archive Folders/Deleted Items/Funnies/03 May 2001 14:48 from Lenny Ingve:FW: Tornado/GIROGI~1.EXE Infected: not-virus:BadJoke.Win32.Train skipped
D:\Documents and Settings\xzj7d3\Local Settings\Application Data\Microsoft\Outlook\2005archive.pst MailMSMaill: infected - 1 skipped
D:\Documents and Settings\xzj7d3\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\xzj7d3\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\xzj7d3\Local Settings\History\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\xzj7d3\Local Settings\Temp\WCESLog.log Object is locked skipped
D:\Documents and Settings\xzj7d3\Local Settings\Temp\~DFD8C7.tmp Object is locked skipped
D:\Documents and Settings\xzj7d3\Local Settings\Temporary Internet Files\Content.IE5\0WI3RMS3\m7[1] Infected: Trojan.Win32.Monder.bs skipped
D:\Documents and Settings\xzj7d3\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\plugin\Network\ipscan\ipscan.exe Infected: not-a-virus:NetTool.Win32.Portscan.c skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\plugin\Network\netcat\files\nc.exe Infected: not-a-virus:RemoteAdmin.Win32.NetCat skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\plugin\Network\ultravnc\files\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\plugin\Network\ultravnc\files\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\plugin\Network\VNCServer\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\plugin\Network\VNCServer\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\plugin\Network\VNCServer\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\plugin\System-Info\Information\keyfinderpe\keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.g skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\plugin\System-Info\Information\keyfinderpe\keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\plugin\System-Info\Information\keyfinderpe\keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\plugin\System-Info\Information\keyfinderpe\keyfinder.exe RarSFX: infected - 3 skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\UBCD4WinV302.exe/plugin/Network/ipscan/ipscan.exe Infected: not-a-virus:NetTool.Win32.Portscan.c skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\UBCD4WinV302.exe/plugin/System-Info/Information/keyfinderpe/keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.g skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\UBCD4WinV302.exe/plugin/System-Info/Information/keyfinderpe/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\UBCD4WinV302.exe/plugin/System-Info/Information/keyfinderpe/keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\UBCD4WinV302.exe/plugin/System-Info/Information/keyfinderpe/keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\UBCD4WinV302.exe/plugin/Network/netcat/files/nc.exe Infected: not-a-virus:RemoteAdmin.Win32.NetCat skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\UBCD4WinV302.exe/plugin/Network/VNCServer/vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\UBCD4WinV302.exe/plugin/Network/ultravnc/files/winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\UBCD4WinV302.exe/plugin/Network/VNCServer/winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\UBCD4WinV302.exe/plugin/Network/ultravnc/files/vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\UBCD4WinV302.exe/plugin/Network/VNCServer/wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\UBCD4WinV302.exe RAR: infected - 11 skipped
D:\Documents and Settings\xzj7d3\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\xzj7d3\NTUSER.DAT.LOG Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0181055.dll Infected: Trojan.Win32.Monder.gen skipped
D:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0181062.exe/WISE0104.BIN/stream/data0005 Infected: not-a-virus:AdWare.Win32.Mostofate.j skipped
D:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0181062.exe/WISE0104.BIN/stream Infected: not-a-virus:AdWare.Win32.Mostofate.j skipped
D:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0181062.exe/WISE0104.BIN Infected: not-a-virus:AdWare.Win32.Mostofate.j skipped
D:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0181062.exe WiseSFX: infected - 3 skipped
D:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0181062.exe WiseSFXDropper: infected - 3 skipped
D:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP730\change.log Object is locked skipped
Scan process completed.
Thanx in advance
I have no hair left..have spent the last week trying everything including the helpdesk to fix the problem...no joy. "rundll" error..."warning: spyware..." desktop....Can you please help me...PLEASE
Here is the HJT and Kaspersky logs:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:32, on 2008-05-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Drivers\trcboot.exe
C:\Program Files\EDS\ADCClientServices\Client\ADCClientHost.exe
C:\Program Files\EDS\ADCClientServices\DownloadManager\ADCDownloadMgrHost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\eds\ucr\edsencryptionmonitor.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\LogWatNT.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\U.exe
C:\WINDOWS\winself.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
C:\WINDOWS\winsysse.exe
C:\WINDOWS\system32\Prot_srv.exe
C:\Program Files\Pointsec\Connect\PointSecConnect.exe
C:\WINDOWS\system32\pstartSr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\WebDrive\wdService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\System32\CCM\CcmExec.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wmsdkns.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\EDS\ADCClientServices\DownloadManager\ADCPasswordMonitor.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by EDS COE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://inet-pac.sabre.com:81/eds-proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=Internetpln.eds.com:81;gopher=Internetpln.eds.com:80;http=Internetpln.eds.com:80;https=Internetpln.eds.com:443;socks=eds-socks.sabre.com:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.eds.com;<local>
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe,
O1 - Hosts: 198.132.135.57 USPLM150
O1 - Hosts: 198.132.135.24 USPLM231
O1 - Hosts: 198.132.135.23 USPLM232
O1 - Hosts: 198.132.135.26 USPLM233
O1 - Hosts: 198.132.135.43 USPLM234
O1 - Hosts: 198.132.135.20 USPLM235
O1 - Hosts: 198.132.135.21 USPLM236
O1 - Hosts: 198.132.135.25 USPLM237
O1 - Hosts: 198.132.135.27 USPLM238
O1 - Hosts: 198.132.135.46 USPLM239
O1 - Hosts: 198.132.135.51 USPLM301
O1 - Hosts: 205.191.22.41 eim.eds.com
O1 - Hosts: 162.92.161.243 helpdesk
O1 - Hosts: 204.104.80.71 lc.gld.eds.com
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: BHelper Objects - {0BD8D6AE-A0BE-4CD2-9A7D-E440E33C3227} - C:\WINDOWS\system32\winsconfg.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {1442efea-f280-46df-afcb-4d9c439ac130} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {20264D19-91A1-492D-8988-9A6C11F1A403} - C:\WINDOWS\system32\mlljg.dll (file missing)
O2 - BHO: (no name) - {348363a5-098a-414c-81f3-f692e98440e3} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: {84d44915-10a4-fd1b-e9d4-f05ef1be2ca5} - {5ac2eb1f-e50f-4d9e-b1df-4a0151944d48} - C:\WINDOWS\system32\wnkpyuma.dll (file missing)
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {5fadbc5d-c153-487e-abb3-1be3ccde1527} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: (no name) - {7482E88C-216D-415F-B008-93315AB69225} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {ba18bdcb-9d70-4d52-badb-edb52d6ad20d} - (no file)
O2 - BHO: (no name) - {C32BC553-A1F9-489C-BAA8-7B9C297B45DA} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {D0DD2D0B-4DF6-4195-9ECF-9000AA5EA3AA} - (no file)
O2 - BHO: (no name) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [Pointsec Tray] C:\Program Files\Pointsec\Pointsec for PC\P95Tray.exe
O4 - HKLM\..\Run: [EMFINV] C:\Program Files\Eds\EmfInv\emfinv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [BM01d11728] Rundll32.exe "C:\WINDOWS\system32\ckmbceqf.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Password Monitor.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: VPN Client.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.helpdesk
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203125582546
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://sslvpnpl.eds.com/ICSScanner.cab
O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} (SlimClient Class) -
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.5.0_01) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = amer.corp.eds.com
O17 - HKLM\Software\..\Telephony: DomainName = amer.corp.eds.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = amer.corp.eds.com
O20 - Winlogon Notify: mlljg - C:\WINDOWS\system32\mlljg.dll (file missing)
O20 - Winlogon Notify: pmnll - C:\WINDOWS\system32\pmnll.dll (file missing)
O20 - Winlogon Notify: pmnmmnm - pmnmmnm.dll (file missing)
O20 - Winlogon Notify: vturs - C:\WINDOWS\system32\vturs.dll (file missing)
O23 - Service: ADC Client Service (ADCClientService) - Unknown owner - C:\Program Files\EDS\ADCClientServices\Client\ADCClientHost.exe
O23 - Service: ADC Download Manager Service (ADCDownloadMgrService) - Unknown owner - C:\Program Files\EDS\ADCClientServices\DownloadManager\ADCDownloadMgrHost.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EDS Encryption Monitor (EdsEncryptionMonitor) - EDS - c:\program files\eds\ucr\edsencryptionmonitor.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
O23 - Service: MsSecurity (MsSecurity1.203.2) - Unknown owner - C:\WINDOWS\U.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\winself.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: OSCM Utility Service - Sprint Spectrum, L.L.C - C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\winsysse.exe
O23 - Service: Pointsec - Unknown owner - C:\WINDOWS\system32\Prot_srv.exe
O23 - Service: Pointsec Connect - Pointsec Mobile Technologies AB - C:\Program Files\Pointsec\Connect\PointSecConnect.exe
O23 - Service: Pointsec Service Start (Pointsec_start) - Unknown owner - C:\WINDOWS\system32\pstartSr.exe
O23 - Service: Sabre Print (SabrePrint) - Unknown owner - C:\Program Files\The Sabre Group\Print32\OADP.EXE (file missing)
O23 - Service: ServiceCenter - Unknown owner - C:\Program Files\ServiceCenter\RUN\scservic.exe (file missing)
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\System32\Drivers\trcboot.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WebDrive Service (WebDriveService) - South River Technologies, LLC - C:\Program Files\WebDrive\wdService.exe
--
End of file - 15985 bytes
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2008-05-11 14:21
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 11/05/2008
Kaspersky Anti-Virus database records: 757206
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 95946
Number of viruses found: 19
Number of infected objects: 96
Number of suspicious objects: 4
Duration of the scan process: 03:28:10
Infected Object Name / Virus Name / Last Action
C:\Burner\Downloads\Spy Agent 4.0.exe/Deploy.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.43302 skipped
C:\Burner\Downloads\Spy Agent 4.0.exe/SpyRename.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.40001 skipped
C:\Burner\Downloads\Spy Agent 4.0.exe Vise: infected - 2 skipped
C:\Program Files\CA\eTrust Antivirus\DB\rtmaster.dbf Object is locked skipped
C:\Program Files\CA\eTrust Antivirus\DB\rtmaster.ntx Object is locked skipped
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.log Object is locked skipped
C:\Program Files\EDS\ADCClientServices\Client\ADCClient_trace.log Object is locked skipped
C:\Program Files\EDS\ADCClientServices\DownloadManager\ADCDownloadMgr_trace.log Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Pointsec\Pointsec for PC\ConnectLog.txt Object is locked skipped
C:\RECYCLER\S-1-5-21-300545608-800939146-3067286663-1010\Dc2\Installer\BSInstall5.2.5.1.exe/WISE0026.BIN/clientax.dll Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
C:\RECYCLER\S-1-5-21-300545608-800939146-3067286663-1010\Dc2\Installer\BSInstall5.2.5.1.exe/WISE0026.BIN Infected: not-a-virus:AdWare.Win32.180Solutions.ao skipped
C:\RECYCLER\S-1-5-21-300545608-800939146-3067286663-1010\Dc2\Installer\BSInstall5.2.5.1.exe WiseSFX: infected - 2 skipped
C:\RECYCLER\S-1-5-21-300545608-800939146-3067286663-1010\Dc2\Installer\BSInstall5.2.5.1.exe WiseSFXDropper: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180898.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ayt skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180900.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180901.dll Infected: Trojan.Win32.Monder.bs skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180902.dll Infected: Trojan.Win32.Monder.bs skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180903.dll Infected: Trojan.Win32.Monder.bs skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180904.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180905.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180906.dll Infected: Trojan.Win32.Monder.bs skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180907.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180908.dll Infected: Trojan.Win32.Monder.bs skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180909.dll Infected: Trojan.Win32.Monder.bs skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180910.dll Infected: Trojan.Win32.Monder.bs skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180911.dll Infected: Trojan.Win32.Monder.bs skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180912.dll Infected: Trojan.Win32.Monder.bs skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180913.dll Infected: Trojan.Win32.Monder.bs skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180914.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180915.dll Infected: Trojan.Win32.Monder.bs skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180916.dll Infected: Trojan.Win32.Monder.bs skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180917.dll Infected: Trojan.Win32.Monder.bs skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180918.dll Infected: Trojan.Win32.Monder.bs skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180919.dll Infected: Trojan.Win32.Monder.bs skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180920.dll Infected: Trojan.Win32.Monder.bs skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0180921.dll Infected: Trojan.Win32.Monder.bs skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP730\A0185474.dll Infected: Trojan.Win32.Monder.bs skipped
C:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP730\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\dao360.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\expsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msexch40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msexcl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msjet40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msjetol1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msjetoledb40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msjint40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msjter40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msjtes40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msltus40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\mspbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msrd2x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msrd3x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msrepl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\mstext40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\mswdat10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\mswstr10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\msxbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB829558$\vbajet32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB833987$\sxs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB833998$\shell32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB833998$\sxs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\cmdevtgprov.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\evtgprov.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\xpsp2res.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetol1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\wmpcore.dll Object is locked skipped
C:\WINDOWS\antisp32.exe Infected: Trojan-Downloader.Win32.Agent.oht skipped
C:\WINDOWS\Debug\Netlogon.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\default.htm Infected: not-virus:Hoax.HTML.Secureinvites.b skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\lfn.exe Infected: not-virus:Hoax.Win32.Renos.cda skipped
C:\WINDOWS\oopsdefault.htm Infected: not-virus:Hoax.HTML.Secureinvites.b skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\bhfiekxd.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\bhybnbjv.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\CCM\Cache\000001AE.10.System\Documents\Summary_files\BIT85D.tmp Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\CAS.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\CcmExec.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\CertificateMaintenance.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\ClientIDManagerStartup.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\ContentTransferManager.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\DataTransferService.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\execmgr.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\InventoryAgent.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\LocationServices.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\mtrmgr.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\PatchInstall.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\PatchUIMonitor.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\PolicyAgent.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\PolicyAgentProvider.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\PolicyEvaluator.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\Scheduler.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\SrcUpdateMgr.log Object is locked skipped
C:\WINDOWS\system32\CCM\Logs\StatusAgent.log Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\CertificateMaintenanceEndpoint\0000006R.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\CertificateMaintenanceEndpoint\0000006R.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\CTMDTSReply\00000026.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\CTMDTSReply\00000026.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\execmgr\00000011.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\execmgr\00000011.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\InventoryAgent\00000005.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\InventoryAgent\00000005.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\LS_ReplyLocations\0000000V.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\LS_ReplyLocations\0000000V.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\LS_ScheduledCleanup\0000001Y.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\LS_ScheduledCleanup\0000001Y.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\MtrMgr\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\MtrMgr\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PatchUIMonitor\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PatchUIMonitor\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_Cleanup\00000011.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_Cleanup\00000011.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_PolicyDownload\00000007.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_PolicyDownload\00000007.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_PolicyEvaluator\000003NU.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_PolicyEvaluator\000003NU.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_ReplyAssignments\00000006.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_ReplyAssignments\00000006.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_RequestAssignments\0000018M.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_RequestAssignments\0000018M.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_ReRequestPolicy\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\PolicyAgent_ReRequestPolicy\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\RemoteToolsAgent\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\RemoteToolsAgent\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\SrcUpdateMgr\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\SrcUpdateMgr\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\SWMTRReportGen\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\SWMTRReportGen\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\UpdatesInstallMgr\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\UpdatesInstallMgr\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\UploadProtocol\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\EndpointQueues\UploadProtocol\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\amp_[http]mp_locationmanager\0000007X.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\amp_[http]mp_locationmanager\0000007X.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\direct_usahsemf200_uploadprotocol\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\direct_usahsemf200_uploadprotocol\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\direct_usplsemf100_uploadprotocol\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\direct_usplsemf100_uploadprotocol\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_ddrendpoint\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_ddrendpoint\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_hinvendpoint\00000003.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_hinvendpoint\00000003.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_sinvendpoint\00000001.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_mp_sinvendpoint\00000001.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_statusreceiver\0000001D.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_statusreceiver\0000001D.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_statusreceiver\0000001E.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_statusreceiver\0000001E.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_[http]mp_locationmanager\000000FG.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_[http]mp_locationmanager\000000FG.que Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_[http]mp_policymanager\000000EK.msg Object is locked skipped
C:\WINDOWS\system32\CCM\ServiceData\Messaging\OutgoingQueues\mp_[http]mp_policymanager\000000EK.que Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Pointsec.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\cwyafebp.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\dxbvawne.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\eijdxjwb.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\eujxdgfs.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\fehcgspx.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\fettxpoe.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\gabjmhju.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\gpnawwkj.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\hlnbjiio.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\ijkbbxfs.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\inrynpvy.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\jsrsxxkw.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\lgjxgbfa.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\lhriqtiq.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\lkgrxdlm.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\lpfbocna.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\lucjklcc.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\nxcafooy.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\rxddomwr.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\sgxhppts.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\slmowucl.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\vxrvfhut.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wcvxedtq.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\whivvpau.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\system32\wmsdkns.exe Infected: not-virus:Hoax.Win32.Renos.cda skipped
C:\WINDOWS\system32\wugehanj.dll Infected: Trojan.Win32.KillAV.rf skipped
C:\WINDOWS\Temp\Perflib_Perfdata_3ac.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\winself.exe Infected: Trojan-Downloader.Win32.Agent.oht skipped
D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
D:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecondThoughtSTCLoader.zip/stcloader.exe Suspicious: Password-protected-EXE skipped
D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecondThoughtSTCLoader.zip ZIP: suspicious - 1 skipped
D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecondThoughtSTCLoader5.zip/stcloader.exe Suspicious: Password-protected-EXE skipped
D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SecondThoughtSTCLoader5.zip ZIP: suspicious - 1 skipped
D:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\xzj7d3\Application Data\$_hpcst$.hpc Object is locked skipped
D:\Documents and Settings\xzj7d3\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\xzj7d3\Local Settings\Application Data\Microsoft\Outlook\2005archive.pst/2005 Archive Folders/Deleted Items/Funnies/03 May 2001 14:48 from Lenny Ingve:FW: Tornado/GIROGI~1.EXE Infected: not-virus:BadJoke.Win32.Train skipped
D:\Documents and Settings\xzj7d3\Local Settings\Application Data\Microsoft\Outlook\2005archive.pst MailMSMaill: infected - 1 skipped
D:\Documents and Settings\xzj7d3\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\xzj7d3\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\xzj7d3\Local Settings\History\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\xzj7d3\Local Settings\Temp\WCESLog.log Object is locked skipped
D:\Documents and Settings\xzj7d3\Local Settings\Temp\~DFD8C7.tmp Object is locked skipped
D:\Documents and Settings\xzj7d3\Local Settings\Temporary Internet Files\Content.IE5\0WI3RMS3\m7[1] Infected: Trojan.Win32.Monder.bs skipped
D:\Documents and Settings\xzj7d3\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\plugin\Network\ipscan\ipscan.exe Infected: not-a-virus:NetTool.Win32.Portscan.c skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\plugin\Network\netcat\files\nc.exe Infected: not-a-virus:RemoteAdmin.Win32.NetCat skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\plugin\Network\ultravnc\files\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\plugin\Network\ultravnc\files\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\plugin\Network\VNCServer\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\plugin\Network\VNCServer\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\plugin\Network\VNCServer\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\plugin\System-Info\Information\keyfinderpe\keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.g skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\plugin\System-Info\Information\keyfinderpe\keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\plugin\System-Info\Information\keyfinderpe\keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\plugin\System-Info\Information\keyfinderpe\keyfinder.exe RarSFX: infected - 3 skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\UBCD4WinV302.exe/plugin/Network/ipscan/ipscan.exe Infected: not-a-virus:NetTool.Win32.Portscan.c skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\UBCD4WinV302.exe/plugin/System-Info/Information/keyfinderpe/keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.g skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\UBCD4WinV302.exe/plugin/System-Info/Information/keyfinderpe/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\UBCD4WinV302.exe/plugin/System-Info/Information/keyfinderpe/keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\UBCD4WinV302.exe/plugin/System-Info/Information/keyfinderpe/keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\UBCD4WinV302.exe/plugin/Network/netcat/files/nc.exe Infected: not-a-virus:RemoteAdmin.Win32.NetCat skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\UBCD4WinV302.exe/plugin/Network/VNCServer/vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\UBCD4WinV302.exe/plugin/Network/ultravnc/files/winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\UBCD4WinV302.exe/plugin/Network/VNCServer/winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\UBCD4WinV302.exe/plugin/Network/ultravnc/files/vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\UBCD4WinV302.exe/plugin/Network/VNCServer/wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
D:\Documents and Settings\xzj7d3\My Documents\ubcdwin\UBCD4WinV302.exe RAR: infected - 11 skipped
D:\Documents and Settings\xzj7d3\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\xzj7d3\NTUSER.DAT.LOG Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0181055.dll Infected: Trojan.Win32.Monder.gen skipped
D:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0181062.exe/WISE0104.BIN/stream/data0005 Infected: not-a-virus:AdWare.Win32.Mostofate.j skipped
D:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0181062.exe/WISE0104.BIN/stream Infected: not-a-virus:AdWare.Win32.Mostofate.j skipped
D:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0181062.exe/WISE0104.BIN Infected: not-a-virus:AdWare.Win32.Mostofate.j skipped
D:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0181062.exe WiseSFX: infected - 3 skipped
D:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP708\A0181062.exe WiseSFXDropper: infected - 3 skipped
D:\System Volume Information\_restore{96AA64F2-D582-4BE3-9AA9-9D35A6EB243A}\RP730\change.log Object is locked skipped
Scan process completed.
Thanx in advance