Heres the Trendmicro report:
Virus Scan 0 virus cleaned, 10 viruses deleted
Results:
We have detected 11 infected file(s) with 11 virus(es) on your computer. Only 0 out of 0 infected files are displayed: - 0 virus(es) passed, 0 virus(es) no action available
- 0 virus(es) cleaned, 0 virus(es) uncleanable
- 10 virus(es) deleted, 1 virus(es) undeletable
- 0 virus(es) not found, 0 virus(es) unaccessible
Detected File Associated Virus Name Action Taken
C:\Documents and Settings\JSkidmore\Local Settings\Temp\Del1B.tmp TROJ_AGENT.RS Deletion successful
C:\Documents and Settings\JSkidmore\Local Settings\Temp\f641468.exe TROJ_QOOLOGIC.D Deletion successful
C:\RECYCLER\S-1-5-21-1898082997-3087016331-799121778-500\Dc6.exe TROJ_STARTPAG.QY Deletion successful
C:\WINDOWS\system32\conres.cpl TROJ_QOOLOGIC.P Deletion successful
C:\WINDOWS\system32\datadx.dll TROJ_QOOLOGIC.P Deletion successful
C:\WINDOWS\system32\dmdon32.exe TROJ_APROPO.H Undeletable
C:\WINDOWS\system32\elitemuf32.exe TROJ_STARTPAG.QY Deletion successful
C:\WINDOWS\system32\elitewva32.exe TROJ_STARTPAG.QY Deletion successful
C:\WINDOWS\system32\installer_MARKETING30.exe TROJ_DLOADER.MG Deletion successful
C:\WINDOWS\system32\pbuub.dat TROJ_QOOLOGIC.N Deletion successful
C:\WINDOWS\system32\ps1.exe TROJ_DLOADER.OR Deletion successful
Trojan/Worm Check 0 worm/Trojan horse deleted
What we checked:
Malicious activity by a Trojan horse program. Although a Trojan seems like a harmless program, it contains malicious code and once installed can cause damage to your computer.
Results:
We have detected 0 Trojan horse program(s) and worm(s) on your computer. Only 0 out of 0 Trojan horse programs and worms are displayed: - 0 worm(s)/Trojan(s) passed, 0 worm(s)/Trojan(s) no action available
- 0 Worm(s)/Trojan(s) deleted, 0 worm(s)/Trojan(s) undeletable
Trojan/Worm Name Trojan/Worm Type Action Taken
Spyware Check 1 spyware program removed
What we checked:
Whether personal information was tracked and reported by spyware. Spyware is often installed secretly with legitimate programs downloaded from the Internet.
Results:
We have detected 51 spyware(s) on your computer. Only 0 out of 0 spywares are displayed: - 49 spyware(s) passed, 0 spyware(s) no action available
- 1 spyware(s) removed, 1 spyware(s) unremovable
Spyware Name Spyware Type Action Taken
COOKIE_45 Cookie Pass
COOKIE_153 Cookie Pass
COOKIE_169 Cookie Pass
COOKIE_174 Cookie Pass
COOKIE_193 Cookie Pass
COOKIE_222 Cookie Pass
COOKIE_442 Cookie Pass
COOKIE_611 Cookie Pass
COOKIE_650 Cookie Pass
COOKIE_701 Cookie Pass
COOKIE_722 Cookie Pass
COOKIE_741 Cookie Pass
COOKIE_861 Cookie Pass
COOKIE_936 Cookie Pass
COOKIE_1169 Cookie Pass
COOKIE_1314 Cookie Pass
COOKIE_1523 Cookie Pass
COOKIE_1738 Cookie Pass
COOKIE_1944 Cookie Pass
COOKIE_2060 Cookie Pass
COOKIE_2081 Cookie Pass
COOKIE_2136 Cookie Pass
COOKIE_2218 Cookie Pass
COOKIE_2238 Cookie Pass
COOKIE_2250 Cookie Pass
COOKIE_2275 Cookie Pass
COOKIE_2281 Cookie Pass
COOKIE_2314 Cookie Pass
COOKIE_2513 Cookie Pass
COOKIE_2631 Cookie Pass
COOKIE_2741 Cookie Pass
COOKIE_2817 Cookie Pass
COOKIE_2842 Cookie Pass
COOKIE_2921 Cookie Pass
COOKIE_3004 Cookie Pass
COOKIE_3009 Cookie Pass
COOKIE_3163 Cookie Pass
COOKIE_3187 Cookie Pass
COOKIE_3188 Cookie Pass
COOKIE_3190 Cookie Pass
COOKIE_3191 Cookie Pass
COOKIE_3193 Cookie Pass
COOKIE_3195 Cookie Pass
COOKIE_3196 Cookie Pass
COOKIE_3201 Cookie Pass
ADW_POPBAR.A Adware Removal successful (Please reboot your machine)
COOKIE_3206 Cookie Pass
COOKIE_6853 Cookie Pass
COOKIE_3235 Cookie Pass
COOKIE_3237 Cookie Pass
ADW_APROPOS.O Adware Unremovable
Microsoft Vulnerability Check 2 vulnerabilities detected
What we checked:
Microsoft known security vulnerabilities. These are issues Microsoft has identified and released Critical Updates to fix.
Results:
We have detected 2 vulnerability/vulnerabilities on your computer. Only 0 out of 0 vulnerabilities are displayed.
Risk Level Issue How to Fix
Important This remote code execution vulnerability could allow a malicious user or a malware to take complete control of the affected system if the affected user is currently logged on with administrative privileges. The malicious user or malware can execute code on the system giving them the ability to install or run programs and view or edit data with full privileges. Thus, this vulnerability can conceivably be used by a malware for replication purposes.;The vulnerability is caused by an unchecked buffer in the Microsoft Office WordPerfect Converter. MS04-027
Critical This vulnerability lies in the way the affected components process JPEG image files. An unchecked buffer within this process is the cause of the vulnerability.;This remote code execution vulnerability could allow a malicious user or a malware to take complete control of the affected system if the affected user is currently logged on with administrative privileges. The malicious user or malware can execute arbitrary code on the system giving them the ability to install or run programs and view or edit data with full privileges. Thus, this vulnerability can conceivably be used by a malware for replication purposes. MS04-028
HiJack this log:
Logfile of HijackThis v1.99.1
Scan saved at 4:36:19 PM, on 7/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\ORL\VNC\WinVNC.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\system32\jannar.exe
C:\WINDOWS\system32\dmdon32.exe
C:\WINDOWS\system32\dmafdisk.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Aprps\CxtPls.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\WINDOWS\system32\mstsc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\userinit.exe
C:\HIJackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://go.compaq.com...DT/0409/bl8.aspR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.compaq.com...DT/0409/bl7.aspR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 172.28.8.*;wtsawww3;bpm.wtsa.com;fescoweb
O1 - Hosts: 205.218.54.132 wtsawww2
O1 - Hosts: 172.28.8.18 GENSYS1
O1 - Hosts: 172.28.8.30 EDIDEV1
O1 - Hosts: 172.28.8.25 EDISERV1
O1 - Hosts: 172.28.8.27 TERMSERV4
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\jannar.exe reg_run
O4 - HKLM\..\Run: [sE5X3si] dmdon32.exe
O4 - HKCU\..\Run: [dpu7RiG8l] dmafdisk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Startup: map.bat
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) -
http://my.uo.com/fonts/tdserver.cabO16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
http://housecall60.t...all/xscan60.cabO16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) -
http://www.wtsa.com/citrix/wficat.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupd...b?1118159385453O17 - HKLM\System\CCS\Services\Tcpip\..\{5C738559-A106-4D07-A597-018428CA8289}: NameServer = 205.218.54.80,0.0.0.0
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\ORL\VNC\WinVNC.exe" -service (file missing)
HiJack this unistall log:
Ad-Aware SE Personal
Adobe Reader 7.0
Broadcom Management Programs
Citrix ICA Client
Citrix ICA Web Client
Google Earth
HijackThis 1.99.1
Intel® Extreme Graphics Driver
J2SE Runtime Environment 5.0 Update 2
Java 2 Runtime Environment, SE v1.4.2_03
LiveUpdate 1.7 (Symantec Corporation)
Microsoft Office Professional Edition 2003
Microsoft SQL Server 2000
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft Web Publishing Wizard 1.53
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB903235)
SoundMAX
Spybot - Search & Destroy 1.3
Symantec AntiVirus Client
Update for Windows XP (KB898461)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinVNC 3.3.3
WinZip
Thanks for the help.