Google search redirected, links to wrong sites [Closed]


#61
RatHat, Ex Malware Expert (Expert, 7,829 posts)
I still cannot find the dropper here, so I want to try something unorthodox.

Download the TrojanHunter trial version from here. This program detects Daonol but will not clean it.

Once downloaded install the program by double clicking TrojanHunterSetup.exe and following the prompts.

When it has completed the installation, open the program and click Continue Evaluation.

In the main window, click on Options, then under Advanced check:
  • Log NTFS Alternate Data Streams
  • Warn on executable files with double extensions
Now click the Scan button above the Schedule button.
Put a tick in the My Computer box, then uncheck the Floppy Drive and DVD drive boxes.

Click on Full Scan and allow the scan to complete.

When the scan has finished, go to File and choose Save Scan Report...

Save the report to your desktop, then open it and post the contents here.

#62
Undersea_Gal, Topic Starter (Member, 41 posts)
TrojanHunter Scan Report - Saved 2009-01-16 11:15

Warning: Executable file with double extensions found: C:\hp\drivers\hpiz423\setup\CCC\HpRegSecChkFix_v1_1_10.sig.exe
Found trojan file: C:\Program Files\Symantec\LiveUpdate\DISreboot.exe (Agent.3053)
Found NTFS alternate data stream: C:\Temp\143engc2.exe:Zone.Identifier:$DATA
Warning: Executable file with double extensions found: C:\WINDOWS\$NtServicePackUninstall$\system.web.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\mscorrc.chs.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\mscorrc.cht.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\mscorrc.ger.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\mscorrc.kor.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\system.web.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\system.xml.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\vbc7ui.chs.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\vbc7ui.cht.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\vbc7ui.ger.dll
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\vbc7ui.kor.dll
Warning: Executable file with double extensions found: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\system.web.dll

Update: Trojan Hunter found one Trojan (see log above).
I'll wait for your instructions.

Also, Sophos notified me of the following:

File C:/Documents and settings/CNL/Local settings/Temp/yvfuyqwp.dll belongs to Virus/Trojan Mal/Generic-A.

Is this another virus? I'm not sure how this could have happened as I have barely been using this computer while I'm attempting to clean it up.

Thanks for your help!
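As an added example (not code from the thread and not part of TrojanHunter), the following Python script triages a report in the format posted above: it separates the streams Windows itself writes (Zone.Identifier on downloads, encryptable on Thumbs.db) from unexpected ones, suppresses the "double extension" warnings that dotted .NET component names under the service-pack folders produce, and surfaces the real detection. The report text in SAMPLE_REPORT is constructed.

```python
"""Triage a TrojanHunter scan report of the kind posted above.

Added example: not code from the thread and not part of TrojanHunter.
SAMPLE_REPORT is constructed to mirror the report format on the page.
"""
import re

# Streams that Windows itself writes; on their own they are not evidence of
# infection. Zone.Identifier is the "Mark of the Web" put on downloaded files;
# "encryptable" is written by Explorer on Thumbs.db thumbnail caches.
BENIGN_STREAMS = {"Zone.Identifier", "encryptable"}

# Folders where dotted component names (system.web.dll, mscorrc.chs.dll) are
# ordinary .NET / service-pack files, so the double-extension heuristic is noise.
DOTTED_DLL_DIRS = (
    "c:\\windows\\servicepackfiles\\i386\\",
    "c:\\windows\\$ntservicepackuninstall$\\",
    "c:\\windows\\softwaredistribution\\download\\",
)

ADS_RE = re.compile(
    r"^Found NTFS alternate data stream: (?P<path>.+):(?P<stream>[^:]+):\$DATA$"
)
TROJAN_RE = re.compile(r"^Found trojan file: (?P<path>.+?) \((?P<name>[^)]+)\)$")
DOUBLE_EXT_RE = re.compile(
    r"^Warning: Executable file with double extensions found: (?P<path>.+)$"
)


def triage_line(line):
    """Classify one report line as (severity, detail); None for non-finding lines."""
    m = TROJAN_RE.match(line)
    if m:
        return "critical", f"{m['name']} detected at {m['path']}"
    m = ADS_RE.match(line)
    if m:
        if m["stream"] in BENIGN_STREAMS:
            return "info", f"benign stream {m['stream']} on {m['path']}"
        # A named stream that is not one Windows creates deserves a look.
        return "review", f"unexpected stream {m['stream']} on {m['path']}"
    m = DOUBLE_EXT_RE.match(line)
    if m:
        lower = m["path"].lower()
        if lower.startswith(DOTTED_DLL_DIRS) and lower.endswith(".dll"):
            return "info", f"dotted component name, expected here: {m['path']}"
        return "review", f"double extension: {m['path']}"
    return None


def triage_report(text):
    """Group every finding in a report by severity."""
    findings = {"critical": [], "review": [], "info": []}
    for line in text.splitlines():
        result = triage_line(line.strip())
        if result is not None:
            severity, detail = result
            findings[severity].append(detail)
    return findings


# Constructed sample in the page's report format (paths are made up).
SAMPLE_REPORT = r"""TrojanHunter Scan Report - Saved 2009-01-16 11:15

Found NTFS alternate data stream: C:\Documents and Settings\user\Desktop\Backup\Thumbs.db:encryptable:$DATA
Found NTFS alternate data stream: C:\Documents and Settings\user\Desktop\tool.exe:Zone.Identifier:$DATA
Found NTFS alternate data stream: C:\Documents and Settings\user\Desktop\notes.txt:payload.exe:$DATA
Warning: Executable file with double extensions found: C:\WINDOWS\ServicePackFiles\i386\system.web.dll
Warning: Executable file with double extensions found: C:\Documents and Settings\user\Desktop\invoice.pdf.exe
Found trojan file: C:\Program Files\Vendor\DISreboot.exe (Agent.3053)
"""

if __name__ == "__main__":
    for severity, items in triage_report(SAMPLE_REPORT).items():
        print(f"{severity}: {len(items)}")
        for item in items:
            print("   ", item)
```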

#63
RatHat, Ex Malware Expert (Expert, 7,829 posts)
Well, that gives me a hint as to where the problem might lie.

Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :processes
    explorer.exe
    
    :files
    C:\Program Files\Symantec
    C:\Temp\*.*
    C:\Documents and settings\CNL\Local settings\Temp\*.*
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

#64
Undersea_Gal, Topic Starter (Member, 41 posts)
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\Program Files\Symantec\LiveUpdate moved successfully.
C:\Program Files\Symantec moved successfully.
C:\Temp\143engc2.exe moved successfully.
C:\Temp\OxpSp2.exe moved successfully.
C:\Temp\pclamp920011.exe moved successfully.
C:\Temp\WindowsXP-KB884020-x86-enu.exe moved successfully.
C:\Documents and settings\CNL\Local settings\Temp\0rcBuddy.cab moved successfully.
C:\Documents and settings\CNL\Local settings\Temp\1197e9f.mst moved successfully.
C:\Documents and settings\CNL\Local settings\Temp\17pimstore.002 moved successfully.
C:\Documents and settings\CNL\Local settings\Temp\1newsgroups.cab moved successfully.
C:\Documents and settings\CNL\Local settings\Temp\3pss.cab moved successfully.
C:\Documents and settings\CNL\Local settings\Temp\3wkwcedev.001 moved successfully.
C:\Documents and settings\CNL\Local settings\Temp\49wkwcedev.001 moved successfully.
C:\Documents and settings\CNL\Local settings\Temp\7pimstore.002 moved successfully.
C:\Documents and settings\CNL\Local settings\Temp\8pimstore.002 moved successfully.
C:\Documents and settings\CNL\Local settings\Temp\8wkwcedev.001 moved successfully.
C:\Documents and settings\CNL\Local settings\Temp\9pimstore.002 moved successfully.
C:\Documents and settings\CNL\Local settings\Temp\9wkwcedev.001 moved successfully.
File move failed. C:\Documents and settings\CNL\Local settings\Temp\Acr4.tmp scheduled to be moved on reboot.
File move failed. C:\Documents and settings\CNL\Local settings\Temp\Acr5.tmp scheduled to be moved on reboot.
File move failed. C:\Documents and settings\CNL\Local settings\Temp\Acr6.tmp scheduled to be moved on reboot.
File move failed. C:\Documents and settings\CNL\Local settings\Temp\etilqs_iIMoTyeGhvSbFAwmtTo0 scheduled to be moved on reboot.
C:\Documents and settings\CNL\Local settings\Temp\hpzEN5k4.chm moved successfully.
C:\Documents and settings\CNL\Local settings\Temp\hpzEN5k4.hlp moved successfully.
C:\Documents and settings\CNL\Local settings\Temp\java_install_reg.log moved successfully.
C:\Documents and settings\CNL\Local settings\Temp\jusched.log moved successfully.
C:\Documents and settings\CNL\Local settings\Temp\newsgroups.cab moved successfully.
C:\Documents and settings\CNL\Local settings\Temp\pimstore.002 moved successfully.
C:\Documents and settings\CNL\Local settings\Temp\pss.cab moved successfully.
C:\Documents and settings\CNL\Local settings\Temp\rcBuddy.cab moved successfully.
C:\Documents and settings\CNL\Local settings\Temp\SET28.tmp moved successfully.
C:\Documents and settings\CNL\Local settings\Temp\Set29.tmp moved successfully.
C:\Documents and settings\CNL\Local settings\Temp\set2A.tmp moved successfully.
C:\Documents and settings\CNL\Local settings\Temp\Set93.tmp moved successfully.
C:\Documents and settings\CNL\Local settings\Temp\set94.tmp moved successfully.
C:\Documents and settings\CNL\Local settings\Temp\Set95.tmp moved successfully.
C:\Documents and settings\CNL\Local settings\Temp\wkwcedev.001 moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\Acr4.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\Acr5.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\Acr6.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\CNL\LOCALS~1\Temp\etilqs_iIMoTyeGhvSbFAwmtTo0 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\CNL\Local Settings\Application Data\Mozilla\Firefox\Profiles\1jg8q15o.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\CNL\Local Settings\Application Data\Mozilla\Firefox\Profiles\1jg8q15o.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\CNL\Local Settings\Application Data\Mozilla\Firefox\Profiles\1jg8q15o.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\CNL\Local Settings\Application Data\Mozilla\Firefox\Profiles\1jg8q15o.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\CNL\Local Settings\Application Data\Mozilla\Firefox\Profiles\1jg8q15o.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\CNL\Local Settings\Application Data\Mozilla\Firefox\Profiles\1jg8q15o.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01162009_174831

Files moved on Reboot...
C:\Documents and settings\CNL\Local settings\Temp\Acr4.tmp moved successfully.
C:\Documents and settings\CNL\Local settings\Temp\Acr5.tmp moved successfully.
File C:\Documents and settings\CNL\Local settings\Temp\Acr6.tmp not found!
File C:\Documents and settings\CNL\Local settings\Temp\etilqs_iIMoTyeGhvSbFAwmtTo0 not found!
File C:\DOCUME~1\CNL\LOCALS~1\Temp\Acr4.tmp not found!
File C:\DOCUME~1\CNL\LOCALS~1\Temp\Acr5.tmp not found!
File C:\DOCUME~1\CNL\LOCALS~1\Temp\Acr6.tmp not found!
File C:\DOCUME~1\CNL\LOCALS~1\Temp\etilqs_iIMoTyeGhvSbFAwmtTo0 not found!
C:\Documents and Settings\CNL\Local Settings\Application Data\Mozilla\Firefox\Profiles\1jg8q15o.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\CNL\Local Settings\Application Data\Mozilla\Firefox\Profiles\1jg8q15o.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\CNL\Local Settings\Application Data\Mozilla\Firefox\Profiles\1jg8q15o.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\CNL\Local Settings\Application Data\Mozilla\Firefox\Profiles\1jg8q15o.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\CNL\Local Settings\Application Data\Mozilla\Firefox\Profiles\1jg8q15o.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\CNL\Local Settings\Application Data\Mozilla\Firefox\Profiles\1jg8q15o.default\XUL.mfl moved successfully.
  • 0
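The log above has three outcomes per path: moved immediately, deferred to reboot ("scheduled to be moved/deleted on reboot"), and then, in the post-reboot pass, either "moved successfully" or "not found!" (the latter usually because the same file was already moved under its other path form, long versus 8.3 short name). Anything deferred that the reboot pass never reports on is still on disk and needs a second look. The following Python is an added example, not OTMoveIt's code or anything from this thread: it parses a constructed log in the same format and reconciles the deferred paths against the reboot pass.

```python
import re

# Constructed sample in the style of an OTMoveIt log (not the poster's actual log).
# The locked file appears under both its long and its 8.3 short path, as in the
# thread's log, so the reboot pass reports one "moved" and one "not found";
# stuck.tmp is deferred but never reported on again.
SAMPLE_LOG = """\
C:\\Documents and settings\\CNL\\Local settings\\Temp\\a.tmp moved successfully.
File move failed. C:\\Documents and settings\\CNL\\Local settings\\Temp\\locked.tmp scheduled to be moved on reboot.
========== COMMANDS ==========
File delete failed. C:\\DOCUME~1\\CNL\\LOCALS~1\\Temp\\locked.tmp scheduled to be deleted on reboot.
File move failed. C:\\Documents and settings\\CNL\\Local settings\\Temp\\stuck.tmp scheduled to be moved on reboot.
User's Temp folder emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01162009_174831

Files moved on Reboot...
C:\\Documents and settings\\CNL\\Local settings\\Temp\\locked.tmp moved successfully.
File C:\\DOCUME~1\\CNL\\LOCALS~1\\Temp\\locked.tmp not found!
"""

MOVED_RE = re.compile(r"^(?P<path>.+?) moved successfully\.$")
SCHEDULED_RE = re.compile(
    r"^File (?:move|delete) failed\. (?P<path>.+?) scheduled to be (?:moved|deleted) on reboot\.$")
NOT_FOUND_RE = re.compile(r"^File (?P<path>.+?) not found!$")
REBOOT_MARKER = "Files moved on Reboot..."


def parse_otmoveit_log(text):
    """Bucket each line by outcome, tracking whether it precedes or follows the reboot pass."""
    phase = "live"
    out = {"moved": [], "scheduled": [], "reboot_moved": [], "reboot_not_found": [], "other": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == REBOOT_MARKER:
            phase = "reboot"
            continue
        m = SCHEDULED_RE.match(line)
        if m:
            out["scheduled"].append(m["path"])
            continue
        m = MOVED_RE.match(line)
        if m:
            out["reboot_moved" if phase == "reboot" else "moved"].append(m["path"])
            continue
        m = NOT_FOUND_RE.match(line)
        if m and phase == "reboot":
            out["reboot_not_found"].append(m["path"])
            continue
        out["other"].append(line)  # status lines, headers, separators
    return out


def unresolved_after_reboot(parsed):
    """Deferred paths the reboot pass never reported on: still present, worth re-checking.
    Windows paths compare case-insensitively; 8.3 and long forms are NOT unified here,
    so a file reported only under its other name shows up as unresolved."""
    handled = {p.lower() for p in parsed["reboot_moved"] + parsed["reboot_not_found"]}
    return [p for p in parsed["scheduled"] if p.lower() not in handled]


if __name__ == "__main__":
    parsed = parse_otmoveit_log(SAMPLE_LOG)
    for bucket, paths in parsed.items():
        print(f"{bucket}: {len(paths)}")
    print("unresolved:", unresolved_after_reboot(parsed))
```

Run against a real log, the unresolved list is the set of paths to verify by hand (or to re-submit) before declaring the Temp folder clean.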

#65
Undersea_Gal
    Member
  • Topic Starter
  • Member
  • 41 posts
I'm getting a little worried.

I noticed one of the files that got moved (I'm assuming this means deleted) is named pclamp (5th from the top).
PClamp is a program I use that is critical to what I do.

I hope this won't affect it. It won't, right?
  • 0

#66
RatHat
    Ex Malware Expert
  • Expert
  • 7,829 posts
OTMoveIt moves files to a new location so they can't be found. This effectively stops the malware from running without deleting the files. We can easily put that file back in its original location when needed.

Open OTMoveIt3 again, then click on the Restore button.

A window will open Select restore file to open

In it will be a folder and a file named something like: 01162009_184245.res, where today's date is 01.16.2009
Highlight this file then click Open.

The next window will give a list of all the files we have moved.

Place a tick in the Select box next to C:\Temp\pclamp920011.exe

Then click the RestoreIt button. This will put it back into its original location.

Make sure you can run the PClamp program again and let me know if it reports any errors.

It is strange that this program puts its files in a temp folder, as this is for files that are used on a temporary basis and can be easily deleted. It is also where the last logs are showing malware files to be located.
  • 0
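The post above describes quarantine-by-move: files are relocated rather than deleted, a record of their original locations is kept, and selected files can be put back later. The Python below is an added example of that pattern and is not OTMoveIt's code; its JSON manifest is an assumed stand-in for OTMoveIt's .res file (whose format is not shown in this thread), and the quarantine directory name, the suspect file name and the file contents are constructed. Only the legitimate pclamp920011.exe from the thread is restored, the suspect file stays quarantined, and a missing path is recorded rather than failing the run.

```python
import json
import os
import shutil
import tempfile
import time


def quarantine(paths, quarantine_dir):
    """Move each file into quarantine_dir and write a manifest (assumed JSON format,
    a stand-in for OTMoveIt's .res file) recording where each file came from."""
    os.makedirs(quarantine_dir, exist_ok=True)
    manifest = {"created": time.strftime("%Y%m%d_%H%M%S"), "entries": []}
    for index, original in enumerate(paths):
        entry = {"original": original}
        if not os.path.isfile(original):
            entry["status"] = "not found"
        else:
            dest = os.path.join(quarantine_dir, f"{index:04d}_{os.path.basename(original)}")
            try:
                shutil.move(original, dest)
                entry.update(status="moved", quarantined=dest)
            except PermissionError:
                # A real tool defers a locked file to reboot; here it is only recorded.
                entry["status"] = "locked"
        manifest["entries"].append(entry)
    manifest_path = os.path.join(quarantine_dir, manifest["created"] + ".res.json")
    with open(manifest_path, "w") as fh:
        json.dump(manifest, fh, indent=2)
    return manifest_path


def restore(manifest_path, originals_to_restore):
    """Put the selected files back where the manifest says they came from."""
    with open(manifest_path) as fh:
        manifest = json.load(fh)
    wanted = {p.lower() for p in originals_to_restore}  # Windows paths are case-insensitive
    restored = []
    for entry in manifest["entries"]:
        if entry["status"] != "moved" or entry["original"].lower() not in wanted:
            continue
        os.makedirs(os.path.dirname(entry["original"]), exist_ok=True)
        shutil.move(entry["quarantined"], entry["original"])
        entry["status"] = "restored"
        restored.append(entry["original"])
    with open(manifest_path, "w") as fh:
        json.dump(manifest, fh, indent=2)
    return restored


def demo():
    """Constructed scenario mirroring the thread: a legitimate program file and a
    suspect file share a Temp folder; both are quarantined, only the legitimate one is restored."""
    root = tempfile.mkdtemp()
    temp_dir = os.path.join(root, "Temp")
    os.makedirs(temp_dir)
    legit = os.path.join(temp_dir, "pclamp920011.exe")  # file name taken from the thread
    suspect = os.path.join(temp_dir, "suspect.tmp")      # constructed name
    for path in (legit, suspect):
        with open(path, "w") as fh:
            fh.write("placeholder contents")  # constructed
    manifest_path = quarantine(
        [legit, suspect, os.path.join(temp_dir, "missing.tmp")],
        os.path.join(root, "_OTMoveIt_MovedFiles"))  # directory name is an assumption
    restored = restore(manifest_path, [legit])
    with open(manifest_path) as fh:
        statuses = [e["status"] for e in json.load(fh)["entries"]]
    result = {
        "restored": restored,
        "legit_present": os.path.isfile(legit),
        "suspect_present": os.path.isfile(suspect),
        "statuses": statuses,
    }
    shutil.rmtree(root)
    return result


if __name__ == "__main__":
    print(demo())
```

The manifest is rewritten on every restore so that a second restore of the same entry is a no-op and the record always reflects what is currently in quarantine.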

#67
RatHat
    Ex Malware Expert
  • Expert
  • 7,829 posts
After restoring pclamp920011.exe I would like you to run another scan.

Download OTListIt2.exe and save it to your desktop
  • Double click OTListIt2.exe to run the program
  • Put a checkmark into Scan All Users
  • In the Output box, make sure that Standard Output is selected
  • In Extra Registry check Use SafeList
  • In the File Age drop down menu, select 90 Days
  • Make sure that both LOP Check and Purity Check are ticked
  • Click the Run Scan button
When the scan is complete, a log will open named OTListIt.Txt. Another log will also be produced, but minimised, named Extras.Txt. Both these logs will be saved to your desktop.

Please post the contents of both logs in your next reply.
  • 0

#68
RatHat
    Ex Malware Expert
  • Expert
  • 7,829 posts
Do you still require assistance with this log?

Regards,
RatHat
  • 0

#69
RatHat
    Ex Malware Expert
  • Expert
  • 7,829 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0