[derek01f]

still running haha at 27%

[Advertisements]

It takes a while

[Rorschach112]

It takes a while

[derek01f]

i can see that haha... thanks for all your help on this

[derek01f]

Kaspersky Log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2008-05-01 15:26
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 1/05/2008
Kaspersky Anti-Virus database records: 734077
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
I:\
P:\
S:\
W:\
Z:\

Scan Statistics:
Total number of scanned objects: 101924
Number of viruses found: 9
Number of infected objects: 23
Number of suspicious objects: 10
Duration of the scan process: 04:26:56

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log Object is locked skipped
C:\Documents and Settings\Dkauffman\Application Data\GTek\GTUpdate\AUpdate\EasyLinkAdvisor\gdql_lsa_LinksysAgent.log Object is locked skipped
C:\Documents and Settings\Dkauffman\Application Data\GTek\GTUpdate\AUpdate\EasyLinkAdvisor\glog.log Object is locked skipped
C:\Documents and Settings\Dkauffman\Application Data\GTek\GTUpdate\AUpdate\EasyLinkAdvisor\LinksysAgent.log Object is locked skipped
C:\Documents and Settings\Dkauffman\Application Data\GTek\GTUpdate\AUpdate\EasyLinkAdvisor\LinksysAgent_GTActions.log Object is locked skipped
C:\Documents and Settings\Dkauffman\Application Data\Mozilla\Firefox\Profiles\rhjm97gv.default\cert8.db Object is locked skipped
C:\Documents and Settings\Dkauffman\Application Data\Mozilla\Firefox\Profiles\rhjm97gv.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Dkauffman\Application Data\Mozilla\Firefox\Profiles\rhjm97gv.default\history.dat Object is locked skipped
C:\Documents and Settings\Dkauffman\Application Data\Mozilla\Firefox\Profiles\rhjm97gv.default\key3.db Object is locked skipped
C:\Documents and Settings\Dkauffman\Application Data\Mozilla\Firefox\Profiles\rhjm97gv.default\parent.lock Object is locked skipped
C:\Documents and Settings\Dkauffman\Application Data\Mozilla\Firefox\Profiles\rhjm97gv.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Dkauffman\Application Data\Mozilla\Firefox\Profiles\rhjm97gv.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Dkauffman\Application Data\MySpace\IM\Logs\MySpaceIM-20080501-094522.log Object is locked skipped
C:\Documents and Settings\Dkauffman\Application Data\Realtime Soft\UltraMon\3.0.0\TaskbarBandState Object is locked skipped
C:\Documents and Settings\Dkauffman\Application Data\Thunderbird\Profiles\a4454cd7.default\Mail\Local Folders\Email Servers.sbd\Postmaster/[From localhost][Date Wed, 27 Jun 2007 00:15:26 -0400]/UNNAMED/[From 46026.fln.virtua.com.br [200.174.46.26] (may be forged)][Date Wed, 27 Jun 2007 00:15:24 -0400]/UNNAMED/[From "Regions Bank" <[email protected]>][Date Tue, 26 Jun 2007 19:35:27 -0400]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Dkauffman\Application Data\Thunderbird\Profiles\a4454cd7.default\Mail\Local Folders\Email Servers.sbd\Postmaster/[From localhost][Date Wed, 27 Jun 2007 00:15:26 -0400]/UNNAMED/[From 46026.fln.virtua.com.br [200.174.46.26] (may be forged)][Date Wed, 27 Jun 2007 00:15:24 -0400]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Dkauffman\Application Data\Thunderbird\Profiles\a4454cd7.default\Mail\Local Folders\Email Servers.sbd\Postmaster/[From localhost][Date Wed, 27 Jun 2007 00:15:26 -0400]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Dkauffman\Application Data\Thunderbird\Profiles\a4454cd7.default\Mail\Local Folders\Email Servers.sbd\Postmaster/[From localhost][Date Tue, 26 Jun 2007 23:06:01 -0400]/UNNAMED/[From host142-161-dynamic.2-79-r.retail.telecomitalia.it [79.2.161.142]][Date Tue, 26 Jun 2007 23:06:00 -0400]/UNNAMED/[From "Bank of the West" <[email protected]>][Date Tue, 26 Jun 2007 18:12:49 -0400]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Dkauffman\Application Data\Thunderbird\Profiles\a4454cd7.default\Mail\Local Folders\Email Servers.sbd\Postmaster/[From localhost][Date Tue, 26 Jun 2007 23:06:01 -0400]/UNNAMED/[From host142-161-dynamic.2-79-r.retail.telecomitalia.it [79.2.161.142]][Date Tue, 26 Jun 2007 23:06:00 -0400]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Dkauffman\Application Data\Thunderbird\Profiles\a4454cd7.default\Mail\Local Folders\Email Servers.sbd\Postmaster/[From localhost][Date Tue, 26 Jun 2007 23:06:01 -0400]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Dkauffman\Application Data\Thunderbird\Profiles\a4454cd7.default\Mail\Local Folders\Email Servers.sbd\Postmaster/[From localhost][Date Sat, 28 Jul 2007 14:12:20 -0400]/UNNAMED/[From client-141-158-197-10.co.cambria.pa.us [141.158.197.10] (may be forged)][Date Sat, 28 Jul 2007 12:58:51 -0400]/UNNAMED/[From "Citizens Bank and Charter One Bank" <[email protected]>][Date Sat, 28 Jul 2007 08:45:39 -0400]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Dkauffman\Application Data\Thunderbird\Profiles\a4454cd7.default\Mail\Local Folders\Email Servers.sbd\Postmaster/[From localhost][Date Sat, 28 Jul 2007 14:12:20 -0400]/UNNAMED/[From client-141-158-197-10.co.cambria.pa.us [141.158.197.10] (may be forged)][Date Sat, 28 Jul 2007 12:58:51 -0400]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Dkauffman\Application Data\Thunderbird\Profiles\a4454cd7.default\Mail\Local Folders\Email Servers.sbd\Postmaster/[From localhost][Date Sat, 28 Jul 2007 14:12:20 -0400]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\Dkauffman\Application Data\Thunderbird\Profiles\a4454cd7.default\Mail\Local Folders\Email Servers.sbd\Postmaster MailBerkeleymboxx: suspicious - 9 skipped
C:\Documents and Settings\Dkauffman\Application Data\Thunderbird\Profiles\a4454cd7.default\Mail\Local Folders\Email Servers.sbd\Root Bombay/[From Mail Delivery Subsystem <[email protected]>][Date Mon, 30 Jul 2007 11:20:30 -0400]/UNNAMED/[From client-141-158-197-10.co.cambria.pa.us [141.158.197.10] (may be forged)][Date Mon, 30 Jul 2007 11:39:43 -0400]/UNNAMED/[From from 8bit to quoted-printable by chestnut.cambria.pa.us id l6UFeM9O029939][Date Mon, 30 Jul 2007 11:46:03 -0400]/html Infected: Trojan-Spy.HTML.Bankfraud.sm skipped
C:\Documents and Settings\Dkauffman\Application Data\Thunderbird\Profiles\a4454cd7.default\Mail\Local Folders\Email Servers.sbd\Root Bombay/[From Mail Delivery Subsystem <[email protected]>][Date Mon, 30 Jul 2007 11:20:30 -0400]/UNNAMED/[From client-141-158-197-10.co.cambria.pa.us [141.158.197.10] (may be forged)][Date Mon, 30 Jul 2007 11:39:43 -0400]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.sm skipped
C:\Documents and Settings\Dkauffman\Application Data\Thunderbird\Profiles\a4454cd7.default\Mail\Local Folders\Email Servers.sbd\Root Bombay/[From Mail Delivery Subsystem <[email protected]>][Date Mon, 30 Jul 2007 11:20:30 -0400]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.sm skipped
C:\Documents and Settings\Dkauffman\Application Data\Thunderbird\Profiles\a4454cd7.default\Mail\Local Folders\Email Servers.sbd\Root Bombay MailBerkeleymboxx: infected - 3 skipped
C:\Documents and Settings\Dkauffman\Application Data\Thunderbird\Profiles\a4454cd7.default\Mail\Local Folders\Trash/[From "Hrag shahir" <[email protected]>][Date Tue, 2 Oct 2007 15:16:15 +0200]/text/[From "Marcel J. Snow" <[email protected]>][Date Tue, 02 Oct 2007 16:20:23 -0400]/UNNAMED/[From Hewlett-Packard <[email protected]>][Date Tue, 2 Oct 2007 19:15:38 -0700 (PDT)]/UNNAMED/[From "Michael J. Hautz" <[email protected]>][Date Thu, 1 Nov 2007 12:50:36 -0400] ... /[From from 8bit to quoted-printable by chestnut.cambria.pa.us id l6UFeM9O029939][Date Mon, 30 Jul 2007 11:46:03 -0400]/html Infected: Trojan-Spy.HTML.Bankfraud.sm skipped
C:\Documents and Settings\Dkauffman\Application Data\Thunderbird\Profiles\a4454cd7.default\Mail\Local Folders\Trash/[From "Hrag shahir" <[email protected]>][Date Tue, 2 Oct 2007 15:16:15 +0200]/text/[From "Marcel J. Snow" <[email protected]>][Date Tue, 02 Oct 2007 16:20:23 -0400]/UNNAMED/[From Hewlett-Packard <[email protected]>][Date Tue, 2 Oct 2007 19:15:38 -0700 (PDT)]/UNNAMED/[From "Michael J. Hautz" <[email protected]>][Date Thu, 1 Nov 2007 12:50:36 -0400] ... /[From client-141-158-197-10.co.cambria.pa.us [141.158.197.10] (may be forged)][Date Mon, 30 Jul 2007 11:39:43 -0400]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.sm skipped
C:\Documents and Settings\Dkauffman\Application Data\Thunderbird\Profiles\a4454cd7.default\Mail\Local Folders\Trash/[From "Hrag shahir" <[email protected]>][Date Tue, 2 Oct 2007 15:16:15 +0200]/text/[From "Marcel J. Snow" <[email protected]>][Date Tue, 02 Oct 2007 16:20:23 -0400]/UNNAMED/[From Hewlett-Packard <[email protected]>][Date Tue, 2 Oct 2007 19:15:38 -0700 (PDT)]/UNNAMED/[From "Michael J. Hautz" <[email protected]>][Date Thu, 1 Nov 2007 12:50:36 -0400]/text/[From Mail Delivery Subsystem <[email protected]>][Date Mon, 30 Jul 2007 09:55:08 -0400]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.sm skipped
C:\Documents and Settings\Dkauffman\Application Data\Thunderbird\Profiles\a4454cd7.default\Mail\Local Folders\Trash/[From "Hrag shahir" <[email protected]>][Date Tue, 2 Oct 2007 15:16:15 +0200]/text/[From "Marcel J. Snow" <[email protected]>][Date Tue, 02 Oct 2007 16:20:23 -0400]/UNNAMED/[From Hewlett-Packard <[email protected]>][Date Tue, 2 Oct 2007 19:15:38 -0700 (PDT)]/UNNAMED/[From "Michael J. Hautz" <[email protected]>][Date Thu, 1 Nov 2007 12:50:36 -0400]/text Infected: Trojan-Spy.HTML.Bankfraud.sm skipped
C:\Documents and Settings\Dkauffman\Application Data\Thunderbird\Profiles\a4454cd7.default\Mail\Local Folders\Trash/[From "Hrag shahir" <[email protected]>][Date Tue, 2 Oct 2007 15:16:15 +0200]/text/[From "Marcel J. Snow" <[email protected]>][Date Tue, 02 Oct 2007 16:20:23 -0400]/UNNAMED/[From Hewlett-Packard <[email protected]>][Date Tue, 2 Oct 2007 19:15:38 -0700 (PDT)]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.sm skipped
C:\Documents and Settings\Dkauffman\Application Data\Thunderbird\Profiles\a4454cd7.default\Mail\Local Folders\Trash/[From "Hrag shahir" <[email protected]>][Date Tue, 2 Oct 2007 15:16:15 +0200]/text/[From "Marcel J. Snow" <[email protected]>][Date Tue, 02 Oct 2007 16:20:23 -0400]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.sm skipped
C:\Documents and Settings\Dkauffman\Application Data\Thunderbird\Profiles\a4454cd7.default\Mail\Local Folders\Trash/[From "Hrag shahir" <[email protected]>][Date Tue, 2 Oct 2007 15:16:15 +0200]/text Infected: Trojan-Spy.HTML.Bankfraud.sm skipped
C:\Documents and Settings\Dkauffman\Application Data\Thunderbird\Profiles\a4454cd7.default\Mail\Local Folders\Trash MailBerkeleymboxx: infected - 7 skipped
C:\Documents and Settings\Dkauffman\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Dkauffman\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\Dkauffman\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\Dkauffman\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Dkauffman\Local Settings\Application Data\AOL OCP\AIM\Storage\data\derek01f\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Dkauffman\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini.inuse Object is locked skipped
C:\Documents and Settings\Dkauffman\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Dkauffman\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Dkauffman\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Dkauffman\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\Dkauffman\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\Dkauffman\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\Dkauffman\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\Dkauffman\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\Dkauffman\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\Dkauffman\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\Dkauffman\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\Dkauffman\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Dkauffman\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Dkauffman\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\Dkauffman\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\Dkauffman\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\Dkauffman\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Dkauffman\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Dkauffman\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Dkauffman\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Dkauffman\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\Dkauffman\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\Dkauffman\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Dkauffman\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Dkauffman\Local Settings\Application Data\Mozilla\Firefox\Profiles\rhjm97gv.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Dkauffman\Local Settings\Application Data\Mozilla\Firefox\Profiles\rhjm97gv.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Dkauffman\Local Settings\Application Data\Mozilla\Firefox\Profiles\rhjm97gv.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Dkauffman\Local Settings\Application Data\Mozilla\Firefox\Profiles\rhjm97gv.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Dkauffman\Local Settings\Application Data\Mozilla\Firefox\Profiles\rhjm97gv.default\XUL.mfl Object is locked skipped
C:\Documents and Settings\Dkauffman\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dkauffman\Local Settings\History\History.IE5\MSHist012008050120080502\index.dat Object is locked skipped
C:\Documents and Settings\Dkauffman\Local Settings\Temp\newtb1handler.log Object is locked skipped
C:\Documents and Settings\Dkauffman\Local Settings\Temp\proxystop-tblauncher.log Object is locked skipped
C:\Documents and Settings\Dkauffman\Local Settings\Temp\tblauncher.log Object is locked skipped
C:\Documents and Settings\Dkauffman\Local Settings\Temp\toolbox_healer50553.log Object is locked skipped
C:\Documents and Settings\Dkauffman\Local Settings\Temp\~DF15D8.tmp Object is locked skipped
C:\Documents and Settings\Dkauffman\Local Settings\Temp\~DF8BFA.tmp Object is locked skipped
C:\Documents and Settings\Dkauffman\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dkauffman\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Dkauffman\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\downloads\ca_setup.exe/WISE0025.BIN Infected: not-a-virus:PSWTool.Win32.Cain.284 skipped
C:\downloads\ca_setup.exe WiseSFX: infected - 1 skipped
C:\downloads\Nero 8 Ultra Edition 8.2.8.0+Keymaker\Nero-8.2.8.0_eng_trial.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
C:\downloads\Nero 8 Ultra Edition 8.2.8.0+Keymaker\Nero-8.2.8.0_eng_trial.exe 7-Zip: infected - 1 skipped
C:\downloads\tightvnc-1.3.9-setup.exe/data0006 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1370 skipped
C:\downloads\tightvnc-1.3.9-setup.exe Inno: infected - 1 skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\Nero\Nero8\Nero BackItUp\BIU1.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{86BF71B8-183A-44D8-9683-D168410C718B}\RP3\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\Netlogon.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\perfs.exe Infected: Trojan-Downloader.Win32.Delf.grx skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_624.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\Temp\~DFBB13.tmp Object is locked skipped
C:\WINDOWS\Temp\~DFBB20.tmp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
I:\Software\ipscan\ipscan.exe Infected: not-a-virus:NetTool.Win32.Portscan.c skipped
I:\Software\vnc\tightvnc-1.2.9-setup.exe/data0002 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h skipped
I:\Software\vnc\tightvnc-1.2.9-setup.exe/data0003 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
I:\Software\vnc\tightvnc-1.2.9-setup.exe Inno: infected - 2 skipped

Scan process completed.

[derek01f]

New Hijackthis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:27, on 2008-05-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\system32\thpsrv.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\TOSHIBA\dynadock Utility\TOSUSBSvr.exe
C:\WINDOWS\system\Cm106eye.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\PROGRA~1\HEWLET~1\Toolbox\STATUS~1\STATUS~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\TripleSync\TSync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Toshiba\IVP\ISM\ivpsvmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\ExtraPutty 0.22\Bin\putty.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://172.17.6.3/tsweb/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.17.6.135:80
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [ThpSrv] C:\WINDOWS\system32\thpsrv /logon
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CM106Sound] RunDll32 CM106.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [TOSUSBSvr] C:\Program Files\TOSHIBA\dynadock Utility\TOSUSBSvr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKCU\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: TSync.lnk = C:\Program Files\TripleSync\TSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VPN Client.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1204567559250
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1206469195265
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - http://172.17.6.3/tsweb/msrdp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cambria.local
O17 - HKLM\Software\..\Telephony: DomainName = cambria.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{C44B3F5B-FCD1-4ED4-9ABE-D72D0BCE72B2}: NameServer = 172.17.6.1,172.17.5.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cambria.local
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DisplayLink Service (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: pinger - Unknown owner - C:\Toshiba\IVP\ISM\pinger.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VNC Server (winvnc) - TightVNC Group - C:\Program Files\TightVNC\WinVNC.exe

--
End of file - 15255 bytes

[Rorschach112]

Hello

Please download the OTMoveIt2 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt2.exe to run it.
• Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  

  [kill explorer]
  C:\downloads\ca_setup.exe
  C:\downloads\Nero 8 Ultra Edition 8.2.8.0+Keymaker
  C:\WINDOWS\system32\perfs.exe
  purity 
  [start explorer]

• Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
• Click the red Moveit! button.
• A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
• Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Reboot and tell me how your PC is running

[derek01f]

ok i'll do that first thing tomorrow morning. thanks

[derek01f]

OTmoveit2 Log:

Explorer killed successfully
C:\downloads\ca_setup.exe moved successfully.
C:\downloads\Nero 8 Ultra Edition 8.2.8.0+Keymaker moved successfully.
C:\WINDOWS\system32\perfs.exe moved successfully.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05022008_090041

[derek01f]

Ok I rebooted the machine. Everything seems to be fine. I'm not getting the avast alert anymore.

Can you explain what all we did here. I'm a network administrator so I'm pretty computer savy.

[Rorschach112]

You had an infection called Delf which loads up a driver. You can't remove it unless you find the driver, which is what we used Kaspersky for. It is usually a very tough infection to remove.

All done now


Follow these steps to uninstall Combofix and tools used in the removal of malware

• Click START then RUN
• Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
  

You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure

• Click Start > Run
• Type Inetcpl.cpl & click OK
• Click on the Security tab
• Click Reset all zones to default level
• Make sure the Internet Zone is selected & Click Custom level
• In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
• Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.

[derek01f]

Thanks alot for all your help. I was going to wipe my laptop this was alot easier

[Rorschach112]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.