Help! malware.bnkf and trojan.win2.pakes.bxx HJT

Post by wxmansmith » January 27th, 2008, 3:57 pm

Greetings,

I could use some help with my machine as this is getting quite frustrating. I have been trying to track this down for some time now. I have gone through the tips here along with other removal techniques on my own and I'm still seeing excessive pop-up windows and scans showing virus and spyware detected. Here is my latest HJT log. I have recently run F-Secure as well and can post that log if needed.

Thanks!

-------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:47:30 PM, on 1/27/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\PROGRA~1\CLIMAT~1\execs\CPDNSE~1.EXE
D:\Program Files\NavNT\defwatch.exe
D:\PROGRA~1\CLIMAT~1\execs\Client Interface.exe
C:\WINDOWS\System32\E_S00RP1.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\timesync.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\Napster\napster.exe
D:\Program Files\NavNT\vptray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\PokerOffice\bin\javaw.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\sj650\hpupdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ss245sd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
D:\Program Files\tunebite\tunebite.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\AIM6\aim6.exe
D:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\system32\notepad.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\HPZinw12.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CInternetExplorerAssistant - {59693FA9-25A3-4D8C-BB03-35658A5D83DA} - C:\PROGRA~1\INTERN~2\INTERN~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HGTXPEI] C:\WINDOWS\EndInstall.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 hercplgs.cpl,BootEntryPoint
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB002" /M "Stylus CX5400"
O4 - HKLM\..\Run: [POEngine] "D:\Program Files\PokerOffice\POEngine.exe" D:\Program Files\PokerOffice
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NapsterShell] D:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [vptray] D:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [hp Update 3300C] C:\sj650\hpupdate.exe 3300C+
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ss245sd] C:\WINDOWS\ss245sd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [AnyDVD] D:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [tunebite.exe] D:\Program Files\tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download by NetAnts - D:\PROGRA~1\NetAnts\NAGet.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &All by NetAnts - D:\PROGRA~1\NetAnts\NAGetAll.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Travelaxe - {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - C:\Program Files\Travelaxe\Travelaxe.exe
O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - D:\PROGRA~1\NetAnts\NetAnts.exe
O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - D:\PROGRA~1\NetAnts\NetAnts.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\IAccess\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/c ... /jt0_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/c ... ltt1_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/c ... /tt2_x.cab
O16 - DPF: Yahoo! MLB StatTracker - http://aud4.sports.dcn.yahoo.com/java/y/mlbst8402_x.cab
O16 - DPF: Yahoo! NBA StatTracker - http://aud3.sports.yahoo.com/java/y/nbast8264_x.cab
O16 - DPF: Yahoo! NFL StatTracker - http://aud4.sports.yahoo.com/java/y/nflst8226_x.cab
O16 - DPF: Yahoo! NHL StatTracker - http://aud5.sports.yahoo.com/java/y/nhlst8244_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/c ... /pt0_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/c ... /wt0_x.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.c ... i_0727.dll
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includ ... reQual.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.atlas.lsu.edu/acgm/acgm.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CPDNService - University of Oxford, Computing Laboratory & Dept of Atmospheric Physics - D:\PROGRA~1\CLIMAT~1\execs\CPDNSE~1.EXE
O23 - Service: DefWatch - Symantec Corporation - D:\Program Files\NavNT\defwatch.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\E_S00RP1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - D:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\SAgent4.exe
O23 - Service: TimeSync - Intellisoft AG, Switzerland - C:\WINDOWS\SYSTEM32\timesync.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12479 bytes


F-Secure log:
Scanning Report
Saturday, January 26, 2008 09:15:35 - 19:15:49
Computer name: S
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\ E:\ F:\ G:\


--------------------------------------------------------------------------------

Result: 6 malware found
Malware.BNKF (virus)
C:\DOCUMENTS AND SETTINGS\SMITH\LOCAL SETTINGS\TEMPORARY INTERNET FILES\TEPU2314.EXE (Submitted)
Possible Browser Hijack attempt (spyware)
System (Disinfected)
Tracking Cookie (spyware)
System
System
Trojan.Win32.Pakes.bxx (virus)
C:\WQNJBL.EXE (Renamed & Submitted)
not-virus:BadJoke.Win16.Stupid.a (virus)
D:\OLD HARDDRIVE D\LOCAL DISK (G)\EUDORA HELP\EUDORA\ATTACH\SMALL.EXE (Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 91055
System: 4832
Not scanned: 165
Actions:
Disinfected: 1
Renamed: 1
Deleted: 0
None: 4
Submitted: 3
Files not scanned:

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure Libra: 2.4.2, 2008-01-24
F-Secure AVP: 7.0.171, 2008-01-25
F-Secure Orion: 1.2.37, 2008-01-25
F-Secure Blacklight: 1.0.64
F-Secure Draco: 1.0.35, 0597-150-72
F-Secure Pegasus: 1.19.0, 2008-00-21
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQXSWF
Use Advanced heuristics

--------------------------------------------------------------------------------

wxmansmith
Regular Member
 
Posts: 17
Joined: January 27th, 2008, 3:35 pm

Re: Help! malware.bnkf and trojan.win2.pakes.bxx HJT

Post by Bob4 » January 27th, 2008, 6:20 pm

_________________________________
Welcome to the Forums.

The fixes we will use are specific to your problems and should only be used for this issue on this machine.

Please only use this topic to reply to. Do not start another thread.
If any other issues arise let me know.
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear. So let's do this to the end!

  • All hijackthis logs I ask for should be done in normal mode ( not safe mode)
  • These logs should be done last after you have followed my instructions in the previous post.


Please if you decide to seek help at another forum let us know. There is a shortage of helpers and tying 2 of us up is a waste of time.
If you have any questions about any advice given here please STOP and ask!



________________________________

Go to
Start/control panel/add remove programs ;
And Uninstall

Net Ants

read about it here.
http://www.fbmsoftware.com/spyware-net/ ... n/NetAnts/

___________________________________



I see that Viewpoint is installed.

Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player's components. Viewpoint Manager is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". In 2006, this may change, read Viewpoint to Plunge Into Adware.

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present:
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player





______________________________
HJT
Run hijackthis and choose scan only and place a check by the following lines if present.
Close all other windows and browsers except HJT before clicking on Fix Checked

O2 - BHO: CInternetExplorerAssistant - {59693FA9-25A3-4D8C-BB03-35658A5D83DA} - C:\PROGRA~1\INTERN~2\INTERN~1.DLL
O4 - HKLM\..\Run: [ss245sd] C:\WINDOWS\ss245sd.exe
O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - D:\PROGRA~1\NetAnts\NetAnts.exe
O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - D:\PROGRA~1\NetAnts\NetAnts.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\IAccess\AIM95\aim.exe


If you no longer play online poker have HJT fix these lines also.

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\program files\PartyGaming\PartyPoker\RunApp.exe


______________________________



___________________________________
Reconfigure Windows XP to show hidden files::

Click Start. My Computer.
Select the Tools menu Folder Options. Select the View Tab.
Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.
_____________________________
Task Manager
I would like you to open the Task Manager by pressing simultaneously
Ctrl+Shift+Esc or Ctrl+Alt+Delete,
then go to the Processes tab and end the following, if present,
by right-clicking on it and choosing End Process.

ss245sd.exe



___________________________________
Search for and remove
Now I want you to search for and delete the following folder and all its contents if present. If you need help finding them:
Click Start / Search / All files and folders / look for More advanced options. Once in there, select the first 3 boxes.
Please just remove the files/folders I listed in BOLD

C:\WINDOWS\ss245sd.exe

____________________________________



______________________________

Download and install CCleaner from here


If you use either the Firefox or Mozilla browsers, the box to uncheck for Cookies is on the Applications tab, under Firefox/Mozilla.

  • Set Cookie Retention.
    Click on the Options block on the left, then choose Cookies.
    Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
  • Reset Temp File Removal for Regular Use.
    Click on the Options block on the left. Select the Advanced button.
    Check "Only delete files in Windows Temp folders older than 48 hours".


    Now run the program and click on Run Cleaner
    ( Do not use the Registry function to clean anything with this program. Having anything auto clean your registry is risky).


_________________________________

Using Internet explorer (firefox will not work)
Please do an online scan with Kaspersky Online Scanner
Click accept on the first page.

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:

Extended (If available otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases
Click OK

Now under select a target to scan select My Computer


Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.



The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.

Now click on the Save as Text button:

Save the file to your desktop.

Copy and paste that information in your next post.


_________________________
In your next reply I would like to see:
  • A new HJT log
  • The report from Kasperskys scanner
Bob4
MRU Master
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida
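The HJT O4 entry Bob4 picks out above is the classic by-eye check: an autorun whose executable sits directly in the Windows root folder (ss245sd.exe) and which also appears in the Running processes list. The following Python script, added here as an example and not part of HijackThis or this forum's own tooling, parses the O4 entries and the process list from a HJT v2 log and returns such entries for a human to review; it does not decide that anything is malicious, and the sample log is a constructed subset of the one posted in this thread.

```python
"""Triage of HijackThis O4 autorun entries (added example, not HJT's own code).

Heuristic shown here: an autorun whose executable lives directly in the Windows
root folder (not System32, not Program Files) is unusual for legitimate software
and is listed for manual review. Whether it is currently running is reported
alongside, since a running entry needs its process ended before the file can be
deleted, which is the order the helper's instructions in this thread follow.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed subset of the HJT log posted earlier in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ss245sd.exe
C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [HGTXPEI] C:\WINDOWS\EndInstall.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ss245sd] C:\WINDOWS\ss245sd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
"""

# Registry Run entries: "O4 - HKLM\..\Run: [Name] command line"
O4_RUN = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# Startup-folder entries: "O4 - Startup: Foo.lnk = C:\path\foo.exe"
O4_STARTUP = re.compile(r"^O4 - (?P<hive>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")
# First executable-looking token of a command line, quoted or not (paths may contain spaces).
EXE_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|scr|com|bat))(?:"|\s|$)', re.IGNORECASE)
# Executable directly under the Windows folder, e.g. C:\WINDOWS\foo.exe (no subfolder).
WIN_ROOT = re.compile(r"^[a-z]:\\windows\\[^\\]+$", re.IGNORECASE)


@dataclass
class Autorun:
    hive: str
    name: str
    command: str
    exe: Optional[str]   # executable path extracted from the command, if recognisable
    running: bool        # True if the same path appears under "Running processes:"


def extract_exe(cmd: str) -> Optional[str]:
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else None


def parse_log(text: str) -> List[Autorun]:
    running = set()
    autoruns = []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if line:
                running.add(line.lower())      # the process list ends at the first blank line
            else:
                in_procs = False
            continue
        m = O4_RUN.match(line) or O4_STARTUP.match(line)
        if not m:
            continue
        exe = extract_exe(m.group("cmd"))
        autoruns.append(Autorun(m.group("hive"), m.group("name"), m.group("cmd"), exe,
                                exe is not None and exe.lower() in running))
    return autoruns


def triage(autoruns: List[Autorun]) -> List[Tuple[str, str, bool]]:
    """Return (entry name, executable path, running?) for autoruns in the Windows root."""
    return [(a.name, a.exe, a.running) for a in autoruns if a.exe and WIN_ROOT.match(a.exe)]


if __name__ == "__main__":
    for name, exe, running in triage(parse_log(SAMPLE_LOG)):
        state = "running" if running else "not running"
        print(f"review: [{name}] {exe} ({state})")
```

On the sample above the script lists HGTXPEI (EndInstall.exe, not running) and ss245sd (running); only the second was singled out in the thread, which is exactly why the output is a review list and not a verdict.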

Re: Help! malware.bnkf and trojan.win2.pakes.bxx HJT

Post by wxmansmith » January 28th, 2008, 8:46 am

Thanks for the quick response and help. Below is the information you requested as well as a recap of what I have done so far. Again, thank you for your time. It is greatly appreciated!!

Here are the steps taken:

1) Removed ViewPointManager
2) Removed ViewPoint Media Player
3) Made changes and updates to HJT as requested
4) Ran CCleaner
5) Ran Kaspersky Scan
6) Rebooted
7) Ran HJT log

**I could not remove NetAnts. It kept telling me Error loading C:\Windows\System32\cd_clint.dll
*** I decided to keep PartyPoker since I do still use that application occasionally.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, January 28, 2008 6:54:43 AM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/01/2008
Kaspersky Anti-Virus database records: 534257
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
K:\
X:\
Z:\

Scan Statistics:
Total number of scanned objects: 199285
Number of viruses found: 52
Number of infected objects: 196
Number of suspicious objects: 4
Duration of the scan process: 03:59:03

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AdBreak11.zip/wbeCheck.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AdBreak11.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip/v1.8.6/wbuninst.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02540000.VBN Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05400000.VBN Infected: Email-Worm.Win32.Magistr.b skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05640000.VBN Infected: Trojan-Downloader.Win32.VB.bzi skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05640002.VBN Infected: Trojan-Downloader.Win32.VB.bzi skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05640004.VBN Infected: Trojan-Downloader.Win32.VB.ceh skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05640006.VBN Infected: Trojan.Win32.VB.azo skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05980000.VBN Infected: Email-Worm.Win32.Magistr.a skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05D40000.VBN/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05D40000.VBN/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05D40000.VBN/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05D40000.VBN/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05D40000.VBN ZIP: infected - 4 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05D40000.VBN CryptZ: infected - 4 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07A80000.VBN Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07A80002.VBN Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07A80004.VBN/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.l skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07A80004.VBN/counter.class Infected: Trojan.Java.ClassLoader.b skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07A80004.VBN/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.d skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07A80004.VBN/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07A80004.VBN ZIP: infected - 4 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07A80004.VBN CryptZ: infected - 4 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07A80006.VBN/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07A80006.VBN/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07A80006.VBN/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07A80006.VBN/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07A80006.VBN ZIP: infected - 4 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07A80006.VBN CryptZ: infected - 4 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07F40000.VBN Infected: Trojan-Downloader.Win32.Small.aaq skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08180000.VBN Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08640000.VBN Infected: Email-Worm.Win32.Magistr.a skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08640001.VBN Infected: Email-Worm.Win32.Magistr.b skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08640002.VBN Infected: Email-Worm.Win32.Magistr.a skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08640003.VBN Infected: Email-Worm.VBS.Homepage skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08640005.VBN Infected: Flooder.Win32.FloodBots.20 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08640007.VBN Infected: Flooder.Win32.FloodBots.20 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0BC80000.VBN Infected: Trojan.Win32.VB.azo skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E0C0000.VBN Infected: Trojan-Spy.Win32.Wolfmp skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E400000.VBN Infected: Trojan.Win32.TalkStocks.a skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E6C0000.VBN/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E6C0000.VBN/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E6C0000.VBN/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E6C0000.VBN ZIP: infected - 3 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E6C0000.VBN CryptZ: infected - 3 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E6C0002.VBN/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E6C0002.VBN/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E6C0002.VBN/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E6C0002.VBN ZIP: infected - 3 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E6C0002.VBN CryptZ: infected - 3 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E6C0004.VBN/CrackerBox.CAB/CrackerBox.exe Infected: Trojan-DDoS.Win32.Crabox.a skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E6C0004.VBN/CrackerBox.CAB Infected: Trojan-DDoS.Win32.Crabox.a skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E6C0004.VBN ZIP: infected - 2 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E6C0004.VBN CryptZ: infected - 2 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\14980000.VBN/vmain.class Infected: Exploit.Java.Gimsh.b skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\14980000.VBN ZIP: infected - 1 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\14980000.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\14980001.VBN/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\14980001.VBN NSIS: infected - 1 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\14980001.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\14980002.VBN Infected: Trojan.Win32.Pakes.bvr skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\14980003.VBN Infected: Trojan-Clicker.Win32.Agent.mv skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\14980004.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.dil skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\14980005.VBN Infected: Trojan-Downloader.Win32.VB.bwb skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\14980006.VBN/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\14980006.VBN NSIS: infected - 1 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\14980006.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\14980007.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ac skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\14980008.VBN Infected: Trojan.Win32.Agent.djz skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\14980009.VBN/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\14980009.VBN NSIS: infected - 1 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\14980009.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\1498000A.VBN/data0004 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\1498000A.VBN/data0005 Infected: Trojan-Clicker.HTML.IFrame.dn skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\1498000A.VBN NSIS: infected - 2 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\1498000A.VBN CryptZ: infected - 2 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\1498000B.VBN Infected: Trojan-Downloader.Win32.VB.bwb skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\1498000C.VBN Infected: Trojan-Clicker.Win32.Agent.mv skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\1498000D.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ac skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\1498000E.VBN Infected: Trojan.Win32.BHO.ab skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\1498000F.VBN Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\14980010.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.dil skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\14980011.VBN Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\14980012.VBN Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\14980013.VBN Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\14980015.VBN Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\14980017.VBN Infected: Trojan-Clicker.Win32.VB.vx skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\14980019.VBN Infected: Trojan.Win32.VB.azo skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\1498001B.VBN Infected: Trojan-Clicker.Win32.VB.vx skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\1498001D.VBN Infected: Trojan-Downloader.Win32.VB.bzi skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\1498001F.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ac skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\14980020.VBN Infected: Trojan-Downloader.Win32.VB.ceh skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\14980021.VBN Infected: Trojan-Downloader.Win32.VB.bzi skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\14980023.VBN Infected: Trojan-Downloader.Win32.VB.bzi skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\14980024.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\14980025.VBN/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\14980025.VBN NSIS: infected - 1 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\14980025.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\14980027.VBN Infected: Trojan.Win32.BHO.ab skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\14980029.VBN/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\14980029.VBN NSIS: infected - 1 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\14980029.VBN CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\14E80000.VBN/LSASecretsView/LSASecretsView.exe Infected: not-a-virus:PSWTool.Win32.MailPassView.h skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\14E80000.VBN/ProduKey/ProduKey.exe Infected: not-a-virus:PSWTool.Win32.Dialupass.o skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\14E80000.VBN ZIP: infected - 2 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\14E80000.VBN CryptZ: infected - 2 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\14E80001.VBN/LSASecretsView/LSASecretsView.exe Infected: not-a-virus:PSWTool.Win32.MailPassView.h skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\14E80001.VBN/ProduKey/ProduKey.exe Infected: not-a-virus:PSWTool.Win32.Dialupass.o skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\14E80001.VBN ZIP: infected - 2 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\14E80001.VBN CryptZ: infected - 2 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\15180000.VBN Infected: Trojan-Downloader.Win32.Zlob.bon skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\15180001.VBN Infected: Trojan-Downloader.Win32.Zlob.bon skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\15180002.VBN Infected: Trojan-Downloader.Win32.Zlob.bon skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\15180003.VBN Infected: Trojan-Downloader.Win32.Zlob.bon skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.014\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.014\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.014\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.014\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.014\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.014\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY.014\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY.014\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY.014\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY.014\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY.014\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Smith\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Smith\Desktop\OpenDisc-07.10.iso/programs/tightvnc/setup.exe/data0006 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1370 skipped
C:\Documents and Settings\Smith\Desktop\OpenDisc-07.10.iso/programs/tightvnc/setup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1370 skipped
C:\Documents and Settings\Smith\Desktop\OpenDisc-07.10.iso ISOimage: infected - 2 skipped
C:\Documents and Settings\Smith\Desktop\smart\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Smith\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Smith\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Smith\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Smith\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Smith\Desktop\UBCD4WinV26.exe/data.rar/plugin/ipscan/ipscan.exe Infected: not-a-virus:NetTool.Win32.Portscan.c skipped
C:\Documents and Settings\Smith\Desktop\UBCD4WinV26.exe/data.rar/plugin/keyfinderpe/keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Smith\Desktop\UBCD4WinV26.exe/data.rar/plugin/keyfinderpe/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Smith\Desktop\UBCD4WinV26.exe/data.rar/plugin/keyfinderpe/keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Smith\Desktop\UBCD4WinV26.exe/data.rar/plugin/keyfinderpe/keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped
C:\Documents and Settings\Smith\Desktop\UBCD4WinV26.exe/data.rar/plugin/VNCServer/vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\Smith\Desktop\UBCD4WinV26.exe/data.rar/plugin/VNCServer/winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\Smith\Desktop\UBCD4WinV26.exe/data.rar/plugin/ultravnc/files/vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e skipped
C:\Documents and Settings\Smith\Desktop\UBCD4WinV26.exe/data.rar/plugin/VNCServer/wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\Smith\Desktop\UBCD4WinV26.exe/data.rar/plugin/Environment/files/HideExec.exe Infected: not-a-virus:RiskTool.Win32.HideExec.b skipped
C:\Documents and Settings\Smith\Desktop\UBCD4WinV26.exe/data.rar Infected: not-a-virus:RiskTool.Win32.HideExec.b skipped
C:\Documents and Settings\Smith\Desktop\UBCD4WinV26.exe RarSFX: infected - 11 skipped
C:\Documents and Settings\Smith\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Smith\Local Settings\Application Data\AOL OCP\AIM\Storage\data\wxmansmith\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\Smith\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped
C:\Documents and Settings\Smith\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\Smith\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Smith\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Smith\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\Smith\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\Smith\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\Smith\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\Smith\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\Smith\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\Smith\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\Smith\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\Smith\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Smith\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Smith\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\Smith\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\Smith\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\Smith\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\Smith\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\Smith\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped
C:\Documents and Settings\Smith\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped
C:\Documents and Settings\Smith\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\Smith\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\Smith\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\Smith\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\Smith\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Smith\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Smith\Local Settings\Application Data\Yahoo\Widget Engine\Widgets DB\widgets.db Object is locked skipped
C:\Documents and Settings\Smith\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Smith\Local Settings\History\History.IE5\MSHist012008011420080121\index.dat Object is locked skipped
C:\Documents and Settings\Smith\Local Settings\History\History.IE5\MSHist012008012520080126\index.dat Object is locked skipped
C:\Documents and Settings\Smith\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Smith\Local Settings\Temp\hsperfdata_Smith\2128 Object is locked skipped
C:\Documents and Settings\Smith\Local Settings\Temp\JETD0A8.tmp Object is locked skipped
C:\Documents and Settings\Smith\Local Settings\Temp\Perflib_Perfdata_a4c.dat Object is locked skipped
C:\Documents and Settings\Smith\Local Settings\Temp\~DF7DD9.tmp Object is locked skipped
C:\Documents and Settings\Smith\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Smith\ntuser.dat Object is locked skipped
C:\Documents and Settings\Smith\NTUSER.DAT.LOG Object is locked skipped
C:\piplog.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\billing_Smith.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\client_Smith.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\network_Smith.log Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\mrofinu1000106.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwh skipped
C:\QooBox\Quarantine\C\WINDOWS\mrofinu1000512.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwh skipped
C:\QooBox\Quarantine\C\WINDOWS\mrofinu1239.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwh skipped
C:\QooBox\Quarantine\C\WINDOWS\new_drv.sys.vir Infected: Rootkit.Win32.Agent.sz skipped
C:\SDFix\SDFix\backups\catchme.zip/dxdss.sys Infected: Trojan.Win32.Pakes.bxx skipped
C:\SDFix\SDFix\backups\catchme.zip ZIP: infected - 1 skipped
C:\System Volume Information\_restore{A941B89A-126B-4819-A0EE-7F9C2821466C}\RP1162\A0086522.exe Infected: Trojan.Win32.Pakes.bxx skipped
C:\System Volume Information\_restore{A941B89A-126B-4819-A0EE-7F9C2821466C}\RP1162\change.log Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\S1AF61E62.tmp Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\sam Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\security Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\core.cache.dsk Object is locked skipped
C:\WINDOWS\system32\drivers\streamm.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WQNJBL.0XE Infected: Trojan.Win32.Pakes.bxx skipped
D:\Demo\$ntservicepackuninstall$\0aw7x7v9.dat Object is locked skipped
D:\Demo\$ntservicepackuninstall$\2qj3pjj3.zip Object is locked skipped
D:\Demo\$ntservicepackuninstall$\3hnvx7hz.dat Object is locked skipped
D:\Demo\$ntservicepackuninstall$\531jxnv3.dat Object is locked skipped
D:\Demo\$ntservicepackuninstall$\6u4dbj7p.dat Object is locked skipped
D:\Demo\$ntservicepackuninstall$\7pv7bpb7.dat Object is locked skipped
D:\Demo\$ntservicepackuninstall$\8adbnpfb.dat Object is locked skipped
D:\Demo\$ntservicepackuninstall$\8eflr9zz.zip Object is locked skipped
D:\Demo\$ntservicepackuninstall$\9z3bpf9f.zip Object is locked skipped
D:\Demo\$ntservicepackuninstall$\acgenral.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\aclayers.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\aclua.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\acpi.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\acspecfc.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\acverfyr.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\acxtrnal.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\admin.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\admin.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\adsiis51.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\aec.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\afd.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\amdk6.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\apphelp.sdb Object is locked skipped
D:\Demo\$ntservicepackuninstall$\appmgmts.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\appmgr.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\arp1394.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\asp51.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\atapi.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\atmlane.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\author.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\author.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\b7nlz3l7.dat Object is locked skipped
D:\Demo\$ntservicepackuninstall$\batt.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\bridge.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\callcont.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\catsrvut.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\cdfs.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\cdrom.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\cfgbkend.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\cfgwiz.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\chajei.ime Object is locked skipped
D:\Demo\$ntservicepackuninstall$\chtmbx.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\chtskdic.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\chtskf.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\cimwin32.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\cintime.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\cintlgnt.ime Object is locked skipped
D:\Demo\$ntservicepackuninstall$\cintsetp.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\classpnp.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\clipbrd.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\coadmin.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\comadmin.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\comsvcs.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\conf.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\copymar.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\courtney.acs Object is locked skipped
D:\Demo\$ntservicepackuninstall$\cplexe.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\crusoe.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\custdial.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\dayi.ime Object is locked skipped
D:\Demo\$ntservicepackuninstall$\dcap32.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\dhtmled.ocx Object is locked skipped
D:\Demo\$ntservicepackuninstall$\disk.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\diskdump.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\dlimport.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\drmk.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\drmkaud.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\drvmain.sdb Object is locked skipped
D:\Demo\$ntservicepackuninstall$\dw.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\dwprivacy.hta Object is locked skipped
D:\Demo\$ntservicepackuninstall$\dxg.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\dxmasf.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\e0dzj7rl.zip Object is locked skipped
D:\Demo\$ntservicepackuninstall$\earl.acs Object is locked skipped
D:\Demo\$ntservicepackuninstall$\esscli.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\evntrprv.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\fastfat.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\fastprox.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\fdeploy.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\flpydisk.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\fp4.cat Object is locked skipped
D:\Demo\$ntservicepackuninstall$\fp4amsft.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\fp4anscp.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\fp4apws.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\fp4areg.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\fp4atxt.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\fp4autl.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\fp4avnb.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\fp4avss.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\fp4awebs.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\fp4awel.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\fp98sadm.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\fp98swin.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\fpadmcgi.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\fpadmdll.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\fpcount.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\fpencode.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\fpexedll.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\fpmmc.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\fpmmcsat.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\fpremadm.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\frp33bv1.dat Object is locked skipped
D:\Demo\$ntservicepackuninstall$\ftpsv251.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\fxsapi.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\fxsclnt.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\fxscomex.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\fxscover.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\fxsdrv.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\fxsext32.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\fxsperf.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\fxsres.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\fxsst.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\fxssvc.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\fxst30.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\fxstiff.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\fxsui.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\fxswzrd.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\fxsxp32.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\gameenum.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\gckernel.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\gprslt.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\gptext.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\guitrn.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\guitrn_a.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\h323cc.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\helpctr.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\helpsvc.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\hidclass.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\highcont.mar Object is locked skipped
D:\Demo\$ntservicepackuninstall$\hmmapi.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\httpext.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\httpod51.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\i8042prt.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\icaapi.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\icwconn1.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\iexplore.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\ighb5bfr.dat Object is locked skipped
D:\Demo\$ntservicepackuninstall$\iislog51.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\ils.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\imapi.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\imekr61.ime Object is locked skipped
D:\Demo\$ntservicepackuninstall$\imekrcic.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\imjp81.ime Object is locked skipped
D:\Demo\$ntservicepackuninstall$\imjp81k.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\imjpcic.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\imjpcus.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\imjpdct.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\imjpdct.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\imjpdsvr.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\imjpinst.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\imjpmig.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\imjprw.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\imjputy.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\imjputyc.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\imlang.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\imscinst.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\inetcomm.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\infocomm.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\ipnat.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\ipp_0001.asp Object is locked skipped
D:\Demo\$ntservicepackuninstall$\ipp_0002.asp Object is locked skipped
D:\Demo\$ntservicepackuninstall$\ipp_0004.asp Object is locked skipped
D:\Demo\$ntservicepackuninstall$\ipp_0006.asp Object is locked skipped
D:\Demo\$ntservicepackuninstall$\ipp_0013.asp Object is locked skipped
D:\Demo\$ntservicepackuninstall$\ipp_0014.asp Object is locked skipped
D:\Demo\$ntservicepackuninstall$\ipp_util.inc Object is locked skipped
D:\Demo\$ntservicepackuninstall$\ipsec.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\kbdclass.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\kmixer.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\ks.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\lcladvd.xml Object is locked skipped
D:\Demo\$ntservicepackuninstall$\lcldocs.xml Object is locked skipped
D:\Demo\$ntservicepackuninstall$\licwmi.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\licwmi.mof Object is locked skipped
D:\Demo\$ntservicepackuninstall$\lnp3dz5j.dat Object is locked skipped
D:\Demo\$ntservicepackuninstall$\log.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\logonmgr.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\lzln1f37.dat Object is locked skipped
D:\Demo\$ntservicepackuninstall$\mail.mar Object is locked skipped
D:\Demo\$ntservicepackuninstall$\manifest.xml Object is locked skipped
D:\Demo\$ntservicepackuninstall$\market.mar Object is locked skipped
D:\Demo\$ntservicepackuninstall$\market.mar.000 Object is locked skipped
D:\Demo\$ntservicepackuninstall$\market.mar.001 Object is locked skipped
D:\Demo\$ntservicepackuninstall$\market.mar.002 Object is locked skipped
D:\Demo\$ntservicepackuninstall$\market.mar.003 Object is locked skipped
D:\Demo\$ntservicepackuninstall$\market.mar.004 Object is locked skipped
D:\Demo\$ntservicepackuninstall$\market.mar.005 Object is locked skipped
D:\Demo\$ntservicepackuninstall$\market.mar.006 Object is locked skipped
D:\Demo\$ntservicepackuninstall$\market.mar.007 Object is locked skipped
D:\Demo\$ntservicepackuninstall$\md5filt.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\migapp.inf Object is locked skipped
D:\Demo\$ntservicepackuninstall$\migism.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\migism.inf Object is locked skipped
D:\Demo\$ntservicepackuninstall$\migism_a.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\migload.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\migrate.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\migrate.dll.000 Object is locked skipped
D:\Demo\$ntservicepackuninstall$\migsys.inf Object is locked skipped
D:\Demo\$ntservicepackuninstall$\migwiz.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\migwiz.inf Object is locked skipped
D:\Demo\$ntservicepackuninstall$\migwiz_a.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\mnmdd.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\mofcomp.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\mofd.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\mouclass.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\moviemk.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\mplay32.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\mplayer2.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\mqac.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\mqad.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\mqise.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\mqqm.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\mqrt.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\mqsec.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\mqsnap.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\mqtrig.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\mqutil.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\mrxsmb.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msadce.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msadcf.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msadco.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msadcs.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msadds.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msado15.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msado20.tlb Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msado21.tlb Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msado25.tlb Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msado26.tlb Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msadomd.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msador15.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msadox.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msadrh15.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\mscandui.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msconf.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msconfig.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msdadc.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msdaenum.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msdaer.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msdaora.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msdaosp.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msdaprst.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msdaps.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msdarem.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msdasc.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msdasql.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msdatl3.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msdatt.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msdaurl.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msdbx.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msdfmap.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msdtcprx.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msdvdopt.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msdxm.ocx Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msdxm.ocx.000 Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msh261.drv Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msimain.sdb Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msimn.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msjetol1.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msjro.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\mskssrv.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msmom.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msmqocm.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msmsgs.cat Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msmsgsin.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msn.inf Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msn6.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msnmetal.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msnmtllc.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msnspell.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msnunin.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msnupgrd.inf Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msoe.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msoeacct.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msoert2.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\mspaint.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\mst120.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\mst123.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\mstask.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\mstinit.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\mstsc.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\mstscax.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\mstsweb.cat Object is locked skipped
D:\Demo\$ntservicepackuninstall$\mstvca.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\mstvgs.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msxactps.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msxml2.dll.000 Object is locked skipped
D:\Demo\$ntservicepackuninstall$\msxml3.dll.000 Object is locked skipped
D:\Demo\$ntservicepackuninstall$\muisetup.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\mup.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\nac.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\ncprov.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\ndis.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\ndisnpp.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\ndisuio.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\ndiswan.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\netbios.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\netbt.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\newalert.wav Object is locked skipped
D:\Demo\$ntservicepackuninstall$\newemail.wav Object is locked skipped
D:\Demo\$ntservicepackuninstall$\nic1394.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\nmas.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\nmasnt.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\nmchat.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\nmcom.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\nmft.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\nmmkcert.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\nmnt.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\nmoldwb.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\nmwb.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\npdrmv2.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\npdsplay.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\nppagent.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\npwmsdrm.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\nt5.cat Object is locked skipped
D:\Demo\$ntservicepackuninstall$\nt5inf.cat Object is locked skipped
D:\Demo\$ntservicepackuninstall$\nt7rp3j7.dat Object is locked skipped
D:\Demo\$ntservicepackuninstall$\ntfs.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\ntkrnlmp.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\ntkrnlpa.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\ntkrpamp.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\ntoskrnl.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\ntprint.cat Object is locked skipped
D:\Demo\$ntservicepackuninstall$\nwrdr.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\nwwks.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\oledb32.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\online.wav Object is locked skipped
D:\Demo\$ntservicepackuninstall$\p3.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\padrs404.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\padrs804.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\page1.asp Object is locked skipped
D:\Demo\$ntservicepackuninstall$\parport.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\pchshell.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\pchsvc.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\pci.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\pciidex.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\pcmcia.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\phon.ime Object is locked skipped
D:\Demo\$ntservicepackuninstall$\pintlcsa.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\pintlcsd.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\pintlgnt.ime Object is locked skipped
D:\Demo\$ntservicepackuninstall$\pintlphr.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\pjnhn7rh.dat Object is locked skipped
D:\Demo\$ntservicepackuninstall$\pmigrate.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\policman.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\popc.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\portcls.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\processr.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\psched.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\pz5brbtf.zip Object is locked skipped
D:\Demo\$ntservicepackuninstall$\q8c09jjt.zip Object is locked skipped
D:\Demo\$ntservicepackuninstall$\quick.ime Object is locked skipped
D:\Demo\$ntservicepackuninstall$\rasl2tp.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\raspptp.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\rblnbdff.zip Object is locked skipped
D:\Demo\$ntservicepackuninstall$\rdbss.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\rdchost.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\rdpclip.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\rdpdr.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\rdpsnd.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\rdpwd.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\rdpwsx.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\rdsaddin.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\redbook.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\remotepg.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\repdrvfs.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\romanime.ime Object is locked skipped
D:\Demo\$ntservicepackuninstall$\rrcm.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\rsnotify.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\rstrui.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\sapi.cpl Object is locked skipped
D:\Demo\$ntservicepackuninstall$\sapi.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\schedsvc.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\script.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\script_a.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\scsiport.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\sctasks.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\secdrv.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\serial.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\sessmgr.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\setup50.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\setup_wm.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\sfloppy.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\shtml.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\shtml.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\signup.mar Object is locked skipped
D:\Demo\$ntservicepackuninstall$\smi2smir.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\snmp.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\snmpcl.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\snmpincl.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\snmpsmir.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\snmpthrd.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\softkbd.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\sonydcam.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\sp1.cat Object is locked skipped
D:\Demo\$ntservicepackuninstall$\spider.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\splitter.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\sptip.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\sqloledb.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\sqlxmlx.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\sr.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\srchui.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\ssinc51.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\stdprov.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\storprop.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\stream.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\swflash.ocx Object is locked skipped
D:\Demo\$ntservicepackuninstall$\sysaudio.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\sysmain.sdb Object is locked skipped
D:\Demo\$ntservicepackuninstall$\sysmod.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\sysmod_a.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\tape.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\tcpip.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\tcpip6.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\tcptest.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\tcptsat.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\termdd.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\termsrv.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\themedef.mar Object is locked skipped
D:\Demo\$ntservicepackuninstall$\tintlgnt.ime Object is locked skipped
D:\Demo\$ntservicepackuninstall$\tintlphr.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\tintsetp.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\tlntadmn.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\tlntsess.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\tlntsvr.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\tlntsvrp.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\tmigrate.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\tnnlfd7h.zip Object is locked skipped
D:\Demo\$ntservicepackuninstall$\tracerpt.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\triedit.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\tscfgwmi.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\tscfgwmi.mfl Object is locked skipped
D:\Demo\$ntservicepackuninstall$\tscfgwmi.mof Object is locked skipped
D:\Demo\$ntservicepackuninstall$\tscupgrd.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\tv5nd77n.zip Object is locked skipped
D:\Demo\$ntservicepackuninstall$\udfs.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\ui.mar Object is locked skipped
D:\Demo\$ntservicepackuninstall$\unicdime.ime Object is locked skipped
D:\Demo\$ntservicepackuninstall$\unidrv.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\unidrvui.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\uniime.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\unregmp2.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\unregmp2.exe.000 Object is locked skipped
D:\Demo\$ntservicepackuninstall$\update.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\usbhub.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\usbintel.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\usbport.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\usbuhci.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\usmtdef.inf Object is locked skipped
D:\Demo\$ntservicepackuninstall$\vga.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\vgx.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\viaide.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\videoprt.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\voicepad.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\voicesub.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\vr1jfxvt.zip Object is locked skipped
D:\Demo\$ntservicepackuninstall$\w3svc.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\w95upgnt.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\wab32.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\wab32res.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\wbemcomn.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\wbemcore.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\wbemess.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\wbemprox.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\wbemupgd.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\wdmaud.sys Object is locked skipped
D:\Demo\$ntservicepackuninstall$\winar30.ime Object is locked skipped
D:\Demo\$ntservicepackuninstall$\winhttp.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\winime.ime Object is locked skipped
D:\Demo\$ntservicepackuninstall$\wmi.mof Object is locked skipped
D:\Demo\$ntservicepackuninstall$\wmic.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\wmicookr.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\wmidcprv.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\wmipcima.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\wmiprov.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\wmiprvsd.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\wmiprvse.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\wmipsess.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\wmisvc.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\wmiutils.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\wmmfilt.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\wmmres.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\wmmutil.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\wmpcore.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\wmpcore.dll.000 Object is locked skipped
D:\Demo\$ntservicepackuninstall$\wmplayer.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\wmplayer.exe.000 Object is locked skipped
D:\Demo\$ntservicepackuninstall$\wmpvis.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\wordpad.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\wsecedit.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\wsi53nvp.dat Object is locked skipped
D:\Demo\$ntservicepackuninstall$\wuauclt.exe Object is locked skipped
D:\Demo\$ntservicepackuninstall$\wuaueng.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\wuauserv.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\wupdinfo.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\wuv3is.dll Object is locked skipped
D:\Demo\$ntservicepackuninstall$\y75jjfrf.dat Object is locked skipped
D:\Demo\$ntservicepackuninstall$\zh7rvnjv.dat Object is locked skipped
D:\docs&settings\Smith.SRS178\Local Settings\Temp\BDECache\bde54.tmp/bdeinsta25.dll Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
D:\docs&settings\Smith.SRS178\Local Settings\Temp\BDECache\bde54.tmp CAB: infected - 1 skipped
D:\HJT\backups\backup-20080112-212538-846.dll Infected: not-a-virus:AdWare.Win32.Agent.wx skipped
D:\Old Harddrive C-Main Boot\MAIN_BOOT (F)\mirc\mirc32.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.571 skipped
D:\Old Harddrive D\Local Disk (G)\eudora help\EUDORA\attach\Small.exe Infected: not-virus:BadJoke.Win16.Stupid.a skipped
D:\Program Files\Climate Prediction\execs\smallmem.cpdc Object is locked skipped
D:\Program Files\PokerOffice\log\servicelog.txt Object is locked skipped
D:\System Volume Information\_restore{A941B89A-126B-4819-A0EE-7F9C2821466C}\RP1162\change.log Object is locked skipped
E:\System Volume Information\_restore{A941B89A-126B-4819-A0EE-7F9C2821466C}\RP1162\change.log Object is locked skipped
F:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
F:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05400000.VBN Infected: Email-Worm.Win32.Magistr.b skipped
F:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05980000.VBN Infected: Email-Worm.Win32.Magistr.a skipped
F:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05D40000.VBN/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
F:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05D40000.VBN/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
F:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05D40000.VBN/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
F:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05D40000.VBN/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
F:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05D40000.VBN ZIP: infected - 4 skipped
F:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05D40000.VBN CryptZ: infected - 4 skipped
F:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05D40001.VBN/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
F:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05D40001.VBN/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
F:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05D40001.VBN/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
F:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05D40001.VBN/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
F:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05D40001.VBN ZIP: infected - 4 skipped
F:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05D40001.VBN CryptZ: infected - 4 skipped
F:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07000000.VBN Infected: Trojan-Dropper.Win32.MultiBinder.12 skipped
F:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07A80000.VBN Infected: Exploit.HTML.Mht skipped
F:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07A80002.VBN Infected: Exploit.HTML.Mht skipped
F:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07A80004.VBN/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.l skipped
F:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07A80004.VBN/counter.class Infected: Trojan.Java.ClassLoader.b skipped
F:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07A80004.VBN/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.d skipped
F:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07A80004.VBN/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
F:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07A80004.VBN ZIP: infected - 4 skipped
F:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07A80004.VBN CryptZ: infected - 4 skipped
F:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07A80006.VBN/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
F:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07A80006.VBN/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
F:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07A80006.VBN/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
F:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07A80006.VBN/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
F:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07A80006.VBN ZIP: infected - 4 skipped
F:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07A80006.VBN CryptZ: infected - 4 skipped
F:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07F40000.VBN Infected: Trojan-Downloader.Win32.Small.aaq skipped
F:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08640000.VBN Infected: Email-Worm.Win32.Magistr.a skipped
F:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08640001.VBN Infected: Email-Worm.Win32.Magistr.b skipped
F:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08640002.VBN Infected: Email-Worm.Win32.Magistr.a skipped
F:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08640003.VBN Infected: Email-Worm.VBS.Homepage skipped
F:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08640005.VBN Infected: Flooder.Win32.FloodBots.20 skipped
F:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08640007.VBN Infected: Flooder.Win32.FloodBots.20 skipped
F:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E0C0000.VBN Infected: Trojan-Spy.Win32.Wolfmp skipped
F:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0E400000.VBN Infected: Trojan.Win32.TalkStocks.a skipped
F:\Documents and Settings\Smith\Local Settings\Temp\cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
F:\System Volume Information\_restore{563FE158-D99D-462B-B9E6-AE2374EBD264}\RP4\A0000155.dll Object is locked skipped
F:\System Volume Information\_restore{563FE158-D99D-462B-B9E6-AE2374EBD264}\RP4\A0000156.inf Object is locked skipped
F:\System Volume Information\_restore{563FE158-D99D-462B-B9E6-AE2374EBD264}\RP4\A0000157.exe Object is locked skipped
F:\System Volume Information\_restore{563FE158-D99D-462B-B9E6-AE2374EBD264}\RP4\A0000158.exe Object is locked skipped
F:\System Volume Information\_restore{563FE158-D99D-462B-B9E6-AE2374EBD264}\RP4\A0000159.dll Object is locked skipped
F:\System Volume Information\_restore{563FE158-D99D-462B-B9E6-AE2374EBD264}\RP4\A0000160.dll Object is locked skipped
F:\System Volume Information\_restore{563FE158-D99D-462B-B9E6-AE2374EBD264}\RP4\A0000161.dll Object is locked skipped
F:\System Volume Information\_restore{563FE158-D99D-462B-B9E6-AE2374EBD264}\RP4\A0000162.inf Object is locked skipped
F:\System Volume Information\_restore{563FE158-D99D-462B-B9E6-AE2374EBD264}\RP4\A0000163.exe Object is locked skipped
F:\System Volume Information\_restore{563FE158-D99D-462B-B9E6-AE2374EBD264}\RP4\A0000164.dll Object is locked skipped
F:\System Volume Information\_restore{563FE158-D99D-462B-B9E6-AE2374EBD264}\RP4\A0000165.inf Object is locked skipped
F:\System Volume Information\_restore{563FE158-D99D-462B-B9E6-AE2374EBD264}\RP4\A0000166.exe Object is locked skipped
F:\System Volume Information\_restore{563FE158-D99D-462B-B9E6-AE2374EBD264}\RP4\A0000167.dll Object is locked skipped
F:\System Volume Information\_restore{563FE158-D99D-462B-B9E6-AE2374EBD264}\RP4\A0000168.dll Object is locked skipped
F:\System Volume Information\_restore{563FE158-D99D-462B-B9E6-AE2374EBD264}\RP4\A0000169.dll Object is locked skipped
F:\System Volume Information\_restore{563FE158-D99D-462B-B9E6-AE2374EBD264}\RP4\A0000170.ocx Object is locked skipped
F:\System Volume Information\_restore{563FE158-D99D-462B-B9E6-AE2374EBD264}\RP4\A0000171.dll Object is locked skipped
F:\System Volume Information\_restore{563FE158-D99D-462B-B9E6-AE2374EBD264}\RP4\A0000172.dll Object is locked skipped
F:\System Volume Information\_restore{563FE158-D99D-462B-B9E6-AE2374EBD264}\RP4\A0000173.inf Object is locked skipped
F:\System Volume Information\_restore{563FE158-D99D-462B-B9E6-AE2374EBD264}\RP4\A0000174.exe Object is locked skipped
F:\System Volume Information\_restore{A941B89A-126B-4819-A0EE-7F9C2821466C}\RP1162\change.log Object is locked skipped
F:\System Volume Information\_restore{E1A96573-9366-4D0E-9787-85F85AD12D42}\RP180\A0020296.dll Object is locked skipped
F:\System Volume Information\_restore{E1A96573-9366-4D0E-9787-85F85AD12D42}\RP180\A0020297.dll Object is locked skipped
F:\System Volume Information\_restore{E1A96573-9366-4D0E-9787-85F85AD12D42}\RP180\A0020298.dll Object is locked skipped
F:\System Volume Information\_restore{E1A96573-9366-4D0E-9787-85F85AD12D42}\RP180\A0020299.exe Object is locked skipped
F:\System Volume Information\_restore{E1A96573-9366-4D0E-9787-85F85AD12D42}\RP180\A0020300.exe Object is locked skipped
F:\System Volume Information\_restore{E1A96573-9366-4D0E-9787-85F85AD12D42}\RP180\A0020301.dll Object is locked skipped
F:\System Volume Information\_restore{E1A96573-9366-4D0E-9787-85F85AD12D42}\RP180\A0020302.ini Object is locked skipped
F:\System Volume Information\_restore{E1A96573-9366-4D0E-9787-85F85AD12D42}\RP180\A0020303.dll Object is locked skipped
F:\System Volume Information\_restore{E1A96573-9366-4D0E-9787-85F85AD12D42}\RP180\A0020304.exe Object is locked skipped
F:\System Volume Information\_restore{E1A96573-9366-4D0E-9787-85F85AD12D42}\RP180\A0020305.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped
F:\System Volume Information\_restore{E1A96573-9366-4D0E-9787-85F85AD12D42}\RP180\A0020306.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d skipped
F:\System Volume Information\_restore{E1A96573-9366-4D0E-9787-85F85AD12D42}\RP180\A0020308.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped

Scan process completed.

---------------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:39:06 AM, on 1/28/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\PROGRA~1\CLIMAT~1\execs\CPDNSE~1.EXE
D:\PROGRA~1\CLIMAT~1\execs\Client Interface.exe
D:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\System32\E_S00RP1.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\timesync.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\Napster\napster.exe
D:\Program Files\NavNT\vptray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\sj650\hpupdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\PokerOffice\bin\javaw.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
D:\Program Files\tunebite\tunebite.exe
C:\Program Files\AIM6\aim6.exe
D:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {59693FA9-25A3-4D8C-BB03-35658A5D83DA} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HGTXPEI] C:\WINDOWS\EndInstall.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 hercplgs.cpl,BootEntryPoint
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB002" /M "Stylus CX5400"
O4 - HKLM\..\Run: [POEngine] "D:\Program Files\PokerOffice\POEngine.exe" D:\Program Files\PokerOffice
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NapsterShell] D:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [vptray] D:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [hp Update 3300C] C:\sj650\hpupdate.exe 3300C+
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [AnyDVD] D:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [tunebite.exe] D:\Program Files\tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download by NetAnts - D:\PROGRA~1\NetAnts\NAGet.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &All by NetAnts - D:\PROGRA~1\NetAnts\NAGetAll.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Travelaxe - {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - C:\Program Files\Travelaxe\Travelaxe.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\program files\PartyGaming\PartyPoker\RunApp.exe
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/c ... /jt0_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/c ... ltt1_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/c ... /tt2_x.cab
O16 - DPF: Yahoo! MLB StatTracker - http://aud4.sports.dcn.yahoo.com/java/y/mlbst8402_x.cab
O16 - DPF: Yahoo! NBA StatTracker - http://aud3.sports.yahoo.com/java/y/nbast8264_x.cab
O16 - DPF: Yahoo! NFL StatTracker - http://aud4.sports.yahoo.com/java/y/nflst8226_x.cab
O16 - DPF: Yahoo! NHL StatTracker - http://aud5.sports.yahoo.com/java/y/nhlst8244_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/c ... /pt0_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/c ... /wt0_x.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.c ... i_0727.dll
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includ ... reQual.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.atlas.lsu.edu/acgm/acgm.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CPDNService - University of Oxford, Computing Laboratory & Dept of Atmospheric Physics - D:\PROGRA~1\CLIMAT~1\execs\CPDNSE~1.EXE
O23 - Service: DefWatch - Symantec Corporation - D:\Program Files\NavNT\defwatch.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\E_S00RP1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - D:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\SAgent4.exe
O23 - Service: TimeSync - Intellisoft AG, Switzerland - C:\WINDOWS\SYSTEM32\timesync.exe

--
End of file - 11343 bytes
wxmansmith
Regular Member
 
Posts: 17
Joined: January 27th, 2008, 3:35 pm

Re: Help! malware.bnkf and trojan.win2.pakes.bxx HJT

Unread postby Bob4 » January 28th, 2008, 3:31 pm

Looks as if you have a few specialty tools for malware lying around.
We will be cleaning those up later, as most of them are updated often, and leaving an older one around not only increases
false positives by scanners, but they're almost useless to keep as they are outdated.




NetAnts
___________________________
OK, I found the file for you to remove the NetAnts program. Let's move the file into the correct place.


Open notepad up and copy everything exactly in the box below into it.


copy /Y "F:\Documents and Settings\Smith\Local Settings\Temp\cd_clint.dll" "C:\Windows\System32\cd_clint.dll"


Now click on save and save TO YOUR DESKTOP

as "File Name" move.bat

Save as File type "all files" NOT TXT DOCUMENT


Now go ahead and remove Netants through add/remove programs.




___________________________________
Reconfigure Windows XP to show hidden files::

Click Start. My Computer.
Select the Tools menu Folder Options. Select the View Tab.
Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.


________________________________________
Navigate to this folder and delete all contents.
D:\docs&settings\Smith.SRS178\Local Settings\Temp < Do not delete the folder, just its contents,
by clicking on Edit/Select All, then the Delete button on your keyboard.




________________________________________________
OTMoveIt2 -

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Documents and Settings\Smith\Desktop\OpenDisc-07.10.iso
    C:\WQNJBL.0XE
    D:\Old Harddrive D\Local Disk (G)\eudora help\EUDORA\attach\Small.exe
    D:\docs&settings\Smith.SRS178\Local Settings\Temp\BDECache\

  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    <<Insert files and folders to search for and move>>

  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


_________________________
In your next reply I would like to see:
  • A new HJT log
  • The report from OTmove it
  • How do things seem to be running?
Bob4
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida
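Bob4 asks for a fresh HJT log in the next reply; the way a helper reads that reply is to set the new log beside the old one and check that the entries the cleanup targeted are gone and that nothing new has turned up. The Python below is an added example (it is not part of this thread, nor code from HijackThis or OTMoveIt) that does the comparison mechanically: it parses the running-process list and the R/F/N/O entries out of two logs, reports what disappeared and what was added, and lists the entries HijackThis has marked "(no file)". The two log excerpts are constructed for the example, trimmed to a few lines taken from the 7:39 AM and 6:38 PM logs in this thread; the function names are my own.

```python
import re

# Constructed excerpts of the two HijackThis logs posted in this thread:
# the 7:39 AM log (before the NetAnts removal) and the 6:38 PM log (after).
# Raw strings keep the backslashes in the Windows paths intact.
BEFORE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:39:06 AM, on 1/28/2008

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {59693FA9-25A3-4D8C-BB03-35658A5D83DA} - (no file)
O8 - Extra context menu item: &Download by NetAnts - D:\PROGRA~1\NetAnts\NAGet.htm
O8 - Extra context menu item: Download &All by NetAnts - D:\PROGRA~1\NetAnts\NAGetAll.htm
O23 - Service: TimeSync - Intellisoft AG, Switzerland - C:\WINDOWS\SYSTEM32\timesync.exe
"""

AFTER_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:38:35 PM, on 1/28/2008

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\HPZinw12.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {59693FA9-25A3-4D8C-BB03-35658A5D83DA} - (no file)
O23 - Service: TimeSync - Intellisoft AG, Switzerland - C:\WINDOWS\SYSTEM32\timesync.exe
"""

# One HJT entry line: section code (R0-R3, F0-F3, N1-N4, O1-O24), " - ", body.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")


def parse_hjt(text):
    """Return (processes, entries): the running-process paths and the
    (section_code, body) tuples of a HijackThis log, in log order."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False          # a blank line closes the process block
        elif line.lower() == "running processes:":
            in_processes = True
        elif in_processes:
            processes.append(line)
        else:
            m = ENTRY_RE.match(line)
            if m:
                entries.append((m.group(1), m.group(2)))
    return processes, entries


def _key(item):
    """Case-insensitive key: HJT prints System32 and system32 for the same dir."""
    return item.lower() if isinstance(item, str) else (item[0], item[1].lower())


def diff_logs(before_text, after_text):
    """What vanished and what is new between two logs (order- and
    case-insensitive; a process listed several times counts once)."""
    b_procs, b_entries = parse_hjt(before_text)
    a_procs, a_entries = parse_hjt(after_text)
    b_p, a_p = {_key(p): p for p in b_procs}, {_key(p): p for p in a_procs}
    b_e, a_e = {_key(e): e for e in b_entries}, {_key(e): e for e in a_entries}
    return {
        "removed_processes": [b_p[k] for k in b_p if k not in a_p],
        "added_processes": [a_p[k] for k in a_p if k not in b_p],
        "removed_entries": [b_e[k] for k in b_e if k not in a_e],
        "added_entries": [a_e[k] for k in a_e if k not in b_e],
    }


def orphan_entries(entries):
    """Entries HijackThis marked "(no file)": a registration (BHO, toolbar,
    Run key) whose target file is gone. Dead weight, a routine cleanup item."""
    return [(code, body) for code, body in entries if "(no file)" in body]


if __name__ == "__main__":
    for what, items in diff_logs(BEFORE_LOG, AFTER_LOG).items():
        print(what)
        for item in items:
            print("   ", item if isinstance(item, str) else " - ".join(item))
    print("still registered with no file behind it:")
    for code, body in orphan_entries(parse_hjt(AFTER_LOG)[1]):
        print("   ", code, "-", body)
```

Run as-is it reports the two NetAnts O8 context-menu entries as removed, the HPZipm12/HPZinw12 process change between the two snapshots, and the nameless BHO {59693FA9-25A3-4D8C-BB03-35658A5D83DA} still registered with no file behind it in both logs, the kind of dead registration a helper would normally have fixed in HijackThis as a later step. To use it on full logs, read the two saved files into strings in place of the embedded excerpts.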

Re: Help! malware.bnkf and trojan.win2.pakes.bxx HJT

Unread postby wxmansmith » January 28th, 2008, 7:47 pm

Thanks for the response. System seems to be responding well. Pop-ups have stopped from IE windows.
My IP logging shows a normal amount of traffic and not constant port scanning like I was having
a while back. So, it seems it's getting closer to normal! Thank you.

Let me know where to go next...


1) Ok, Netants has been removed. Thank you for tracking down that .dll

2) Removed Temp files as directed on your previous post

3) Ran OTMoveIt ... Log is posted below:

C:\Documents and Settings\Smith\Desktop\OpenDisc-07.10.iso moved successfully.
C:\WQNJBL.0XE moved successfully.
D:\Old Harddrive D\Local Disk (G)\eudora help\EUDORA\attach\Small.exe moved successfully.
Folder D:\docs&settings\Smith.SRS178\Local Settings\Temp\BDECache\ not found.

OTMoveIt2 v1.0.15 log created on 01282008_183228

4) Rebooted

5) Ran HJT and the log is posted below...

-------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:38:35 PM, on 1/28/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\PROGRA~1\CLIMAT~1\execs\CPDNSE~1.EXE
D:\PROGRA~1\CLIMAT~1\execs\Client Interface.exe
D:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\System32\E_S00RP1.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\Napster\napster.exe
D:\Program Files\PokerOffice\bin\javaw.exe
D:\Program Files\NavNT\vptray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\sj650\hpupdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
D:\Program Files\NavNT\rtvscan.exe
D:\Program Files\tunebite\tunebite.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\timesync.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\System32\HPZinw12.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {59693FA9-25A3-4D8C-BB03-35658A5D83DA} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HGTXPEI] C:\WINDOWS\EndInstall.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 hercplgs.cpl,BootEntryPoint
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB002" /M "Stylus CX5400"
O4 - HKLM\..\Run: [POEngine] "D:\Program Files\PokerOffice\POEngine.exe" D:\Program Files\PokerOffice
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NapsterShell] D:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [vptray] D:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [hp Update 3300C] C:\sj650\hpupdate.exe 3300C+
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [AnyDVD] D:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [tunebite.exe] D:\Program Files\tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Travelaxe - {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - C:\Program Files\Travelaxe\Travelaxe.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\program files\PartyGaming\PartyPoker\RunApp.exe
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/c ... /jt0_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/c ... ltt1_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/c ... /tt2_x.cab
O16 - DPF: Yahoo! MLB StatTracker - http://aud4.sports.dcn.yahoo.com/java/y/mlbst8402_x.cab
O16 - DPF: Yahoo! NBA StatTracker - http://aud3.sports.yahoo.com/java/y/nbast8264_x.cab
O16 - DPF: Yahoo! NFL StatTracker - http://aud4.sports.yahoo.com/java/y/nflst8226_x.cab
O16 - DPF: Yahoo! NHL StatTracker - http://aud5.sports.yahoo.com/java/y/nhlst8244_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/c ... /pt0_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/c ... /wt0_x.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.c ... i_0727.dll
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includ ... reQual.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.atlas.lsu.edu/acgm/acgm.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CPDNService - University of Oxford, Computing Laboratory & Dept of Atmospheric Physics - D:\PROGRA~1\CLIMAT~1\execs\CPDNSE~1.EXE
O23 - Service: DefWatch - Symantec Corporation - D:\Program Files\NavNT\defwatch.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\E_S00RP1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - D:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\SAgent4.exe
O23 - Service: TimeSync - Intellisoft AG, Switzerland - C:\WINDOWS\SYSTEM32\timesync.exe

--
End of file - 11249 bytes
wxmansmith
Regular Member
 
Posts: 17
Joined: January 27th, 2008, 3:35 pm

Re: Help! malware.bnkf and trojan.win2.pakes.bxx HJT

Post by Bob4 » January 28th, 2008, 8:28 pm

______________________________
HJT
Run HijackThis, choose Scan only, and place a check by the following lines if present.
Close all other windows and browsers except HJT before clicking on Fix Checked.

O2 - BHO: (no name) - {59693FA9-25A3-4D8C-BB03-35658A5D83DA} - (no file)



__________________________________________
You need to update Sun Java for security reasons.
Updating Java:
Download the latest version of
Java Runtime Environment (JRE) 6 Update 4

  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 4
    ... allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name. It should have the Image icon next to it.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u4-windows-i586-p.exe to install the newest version.

_____________________________

Adobe Acrobat Reader update
You are using an older vulnerable version of Adobe Acrobat Reader (7.0). Please go here to download Adobe Acrobat Reader 8...

When you have finished installing the Acrobat Reader, please go to Add/Remove Programs and verify that there are no versions listed other than Acrobat Reader 8. If you find older versions, remove them.

When finished, reboot your computer.

________________________________________

Please post 1 last HJT log.
Bob4
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida
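The orphaned BHO line Bob4 asks to fix above, and the "post one last log" step, are things a helper checks by reading the log by hand. As an added example (not code from this thread, from HijackThis or from MalwareRemoval.com), here is a small Python parser for HijackThis log lines in the shapes pasted in this thread. It flags entries whose target reads "(no file)", the hook-without-a-file case that makes such a line safe to tick in Fix Checked, and diffs two successive logs so that the effect of an update or fix is visible without re-reading every line. The two sample logs are constructed from lines posted in this thread; the regexes cover only the entry shapes that appear here.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Added example: parser and two checks for HijackThis log lines as pasted in
# this thread. Sample logs below are constructed from lines in the thread.

_ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<rest>.*)$")
_CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# O4 Run-key style: "HKLM\..\Run: [Name] C:\path args"
_O4_RUN_RE = re.compile(r"^[^:]+: \[(?P<name>[^\]]*)\] (?P<target>.*)$")
# O4 startup-folder style: "Global Startup: Name.lnk = C:\path"
_O4_LNK_RE = re.compile(r"^(?:Global )?Startup: (?P<name>.*?) = (?P<target>.*)$")
# COM-object style shared by O2/O3/O9: "BHO: Name - {CLSID} - C:\path.dll"
_COM_RE = re.compile(r"^[^:]+: (?P<name>.*?) - (?P<clsid>\{[^}]+\}) - (?P<target>.*)$")
# O23 services: "Service: Name - Vendor - C:\path.exe"
_SVC_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<target>.*)$")


class HjtEntry(NamedTuple):
    section: str          # "O2", "O4", "O23", ...
    name: str             # item name as HijackThis prints it
    clsid: Optional[str]  # COM class id when the line carries one
    target: str           # file path, URL, or "(no file)"


def parse_entry(line: str) -> Optional[HjtEntry]:
    """Turn one HijackThis log line into an HjtEntry; None for non-entry lines."""
    m = _ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.group("section"), m.group("rest")
    if section == "O4":
        o4 = _O4_RUN_RE.match(rest) or _O4_LNK_RE.match(rest)
        if o4:
            return HjtEntry(section, o4.group("name"), None, o4.group("target"))
    if section == "O23":
        svc = _SVC_RE.match(rest)
        if svc:
            return HjtEntry(section, svc.group("name"), None, svc.group("target"))
    com = _COM_RE.match(rest)
    if com:
        return HjtEntry(section, com.group("name"), com.group("clsid"), com.group("target"))
    # Fallback for the other shapes (R0/R1, O8, O16, O20): last " - " field is the target.
    parts = rest.split(" - ")
    clsid = _CLSID_RE.search(rest)
    return HjtEntry(section, parts[0], clsid.group(0) if clsid else None, parts[-1])


def parse_log(text: str) -> List[HjtEntry]:
    """Parse a whole log; process listings and headers are skipped."""
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]


def orphaned_entries(entries: List[HjtEntry]) -> List[HjtEntry]:
    """Entries still registered whose file is gone ("(no file)")."""
    return [e for e in entries if e.target.strip().lower() == "(no file)"]


def diff_logs(before: List[HjtEntry], after: List[HjtEntry]) -> Tuple[List[HjtEntry], List[HjtEntry]]:
    """(removed, added) between two successive logs, in log order."""
    b, a = set(before), set(after)
    return [e for e in before if e not in a], [e for e in after if e not in b]


# Constructed from this thread: lines from the first log (Java 1.5, Reader 7,
# the orphaned BHO) and from the log posted after the Java and Reader updates.
BEFORE_LOG = r"""
O2 - BHO: (no name) - {59693FA9-25A3-4D8C-BB03-35658A5D83DA} - (no file)
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O23 - Service: DefWatch - Symantec Corporation - D:\Program Files\NavNT\defwatch.exe
"""

AFTER_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O23 - Service: DefWatch - Symantec Corporation - D:\Program Files\NavNT\defwatch.exe
"""

if __name__ == "__main__":
    before, after = parse_log(BEFORE_LOG), parse_log(AFTER_LOG)
    for e in orphaned_entries(before):
        print("orphaned:", e.section, e.name, e.clsid)
    removed, added = diff_logs(before, after)
    for e in removed:
        print("- removed:", e.section, e.name, e.target)
    for e in added:
        print("+ added:  ", e.section, e.name, e.target)
```

Run on the two constructed logs, the orphan check reports only the nameless BHO, and the diff shows the Reader 7 startup shortcut and the Java 1.5 console entries gone, with the Reader 8 Run entry and the Java 1.6 entries in their place; the DefWatch service, unchanged between logs, does not appear in either list.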

Re: Help! malware.bnkf and trojan.win2.pakes.bxx HJT

Post by wxmansmith » January 28th, 2008, 9:47 pm

Okay, updated Java and d/l'ed new Acrobat.

However, as I'm doing this, I'm getting random IE pop-ups from 'Registry Defendant'... http://www.advertyz.com

So, must be something still left. Here is the latest HJT log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:42:52 PM, on 1/28/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\PROGRA~1\CLIMAT~1\execs\CPDNSE~1.EXE
D:\PROGRA~1\CLIMAT~1\execs\Client Interface.exe
D:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\System32\E_S00RP1.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\timesync.exe
D:\PROGRA~1\CLIMAT~1\execs\Model.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
D:\Program Files\Napster\napster.exe
D:\Program Files\NavNT\vptray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\PokerOffice\bin\javaw.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\sj650\hpupdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\tunebite\tunebite.exe
C:\Program Files\AIM6\aim6.exe
D:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\HPZinw12.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HGTXPEI] C:\WINDOWS\EndInstall.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 hercplgs.cpl,BootEntryPoint
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB002" /M "Stylus CX5400"
O4 - HKLM\..\Run: [POEngine] "D:\Program Files\PokerOffice\POEngine.exe" D:\Program Files\PokerOffice
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NapsterShell] D:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [vptray] D:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [hp Update 3300C] C:\sj650\hpupdate.exe 3300C+
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [AnyDVD] D:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [tunebite.exe] D:\Program Files\tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Travelaxe - {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - C:\Program Files\Travelaxe\Travelaxe.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\program files\PartyGaming\PartyPoker\RunApp.exe
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/c ... /jt0_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/c ... ltt1_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/c ... /tt2_x.cab
O16 - DPF: Yahoo! MLB StatTracker - http://aud4.sports.dcn.yahoo.com/java/y/mlbst8402_x.cab
O16 - DPF: Yahoo! NBA StatTracker - http://aud3.sports.yahoo.com/java/y/nbast8264_x.cab
O16 - DPF: Yahoo! NFL StatTracker - http://aud4.sports.yahoo.com/java/y/nflst8226_x.cab
O16 - DPF: Yahoo! NHL StatTracker - http://aud5.sports.yahoo.com/java/y/nhlst8244_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/c ... /pt0_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/c ... /wt0_x.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.c ... i_0727.dll
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includ ... reQual.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.atlas.lsu.edu/acgm/acgm.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CPDNService - University of Oxford, Computing Laboratory & Dept of Atmospheric Physics - D:\PROGRA~1\CLIMAT~1\execs\CPDNSE~1.EXE
O23 - Service: DefWatch - Symantec Corporation - D:\Program Files\NavNT\defwatch.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\E_S00RP1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - D:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\SAgent4.exe
O23 - Service: TimeSync - Intellisoft AG, Switzerland - C:\WINDOWS\SYSTEM32\timesync.exe

--
End of file - 11180 bytes
wxmansmith
Regular Member
 
Posts: 17
Joined: January 27th, 2008, 3:35 pm

Re: Help! malware.bnkf and trojan.win2.pakes.bxx HJT

Post by Bob4 » January 28th, 2008, 11:29 pm

Navigate to and empty the folder I have listed in bold:

F:\Documents and Settings\Smith\Local Settings\Temp << Do not delete this folder just empty it.


Open CCleaner
Click on Tools
Highlight Uninstall

Down on the bottom click "Save to text file".
Save it to your desktop and post the contents of that log for me.
Bob4
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Help! malware.bnkf and trojan.win2.pakes.bxx HJT

Post by wxmansmith » January 29th, 2008, 12:14 am

Deleted the temp folder contents and did the same on the C drive as well.

Also, here is the program list. I tried uninstalling some older stuff from previous installs such as the Java runtime and Kazaa, but both failed as specific folders/files could not be found. I think it's a path issue.

Again, thanks for the time you are spending on this.

-------------------------------------------------------------------------------------------
3100_3200_3300_Help
3100_3200_3300trb
3200
ABBYY FineReader 5.0 Sprint Plus
Action Replay XBOX 1.42
Ad-aware 6 Personal
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.1
AIM 6
AiO_Scan_CDA
AiOSoftwareNPI
AnyDVD
AOL Instant Messenger
Apple Software Update
ArcSoft Software Suite
AVG Anti-Spyware 7.5
AVI/MPEG/RM/WMV Joiner 4.82
AXIS Media Control
BetGameDay Casino
BitLord 1.1
BitPim 0.9.08
BufferChm
CCleaner (remove only)
Climate Prediction
CloneDVD2
CP_AtenaShokunin1Config
CP_CalendarTemplates1
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
Creative WebCam Center
Creative WebCam Live! Ultra Driver (1.01.03.0127)
Creative WebCam Live! Ultra User's Guide (English)
CueTour
Data Lifeguard
DeductionPro 2006
Destinations
DeviceFunctionQFolder
DeviceManagementQFolder
DIRECTV GameTracker
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DocProc
DocumentViewer
DocumentViewerQFolder
EA.com Matchup
EA.com Update
Easy CD Creator 5 Basic
EPSON Printer Software
eSupportQFolder
Fax_CDA
FCE Ultra
FullDPAppQFolder
Game Theater(tm) XP 6.1
Get Yahoo! Messenger
Google Toolbar for Internet Explorer
Hardware Doctor
HijackThis 2.0.2
HP Document Viewer 5.3
HP Image Zone 5.3
HP Imaging Device Functions 5.3
HP PSC & OfficeJet 5.3.A
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
InstantShareDevices
Internet Explorer Assistant 1.0
iTunes
J2SE Runtime Environment 5.0 Update 4
Java(TM) 6 Update 4
Kaspersky Online Scanner
Kazaa Lite v2.1.0 [K++ Edition] [build 3]
LG GSM PC Components
LG USB Modem driver
LiveUpdate 1.6 (Symantec Corporation)
Logitech MouseWare 9.61
Macromedia Shockwave Player
Madden NFL 2004
Microsoft .NET Framework 1.1
Microsoft Data Access Components KB870669
Microsoft IntelliType Pro 2.1
Microsoft Money 2001
Microsoft Money 2006
Microsoft Office XP Professional with FrontPage
Movie Joiner
Mozilla Firefox (2.0.0.11)
MP3 Namer
MSN Add-in for Windows Messenger
MSN Music Assistant
MusicMatch Jukebox
myfantasyleague.com Game Day 2007
MySQL Server 4.1
Napster
Napster Burn Engine
Nero Suite
NewCopy_CDA
NHL 2001
Norton AntiVirus Corporate Edition
NVIDIA Windows 2000/XP Display Drivers
Outlook Express Q823353
PanoStandAlone
PartyPoker
Pdf995
PdfEdit995
Pearl Jam Live
PhotoGallery
PokerOffice (remove only)
ProductContextNPI
QuickTime
RandMap
Readme
RealPlayer
Scan
ScannerCopy
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905495)
Security Update for Windows XP (KB905749)
Shockwave
SkinsHP1
SolutionCenter
Sonic_PrimoSDK
Spybot - Search & Destroy
Status
SUPERAntiSpyware Free Edition
TaxCut Premium 2006
Travelaxe
TrayApp
tunebite 2.2.0.3
Unload
upapp
Update for Windows XP (KB835409)
Update for Windows XP (KB898461)
Update for Windows XP (KB910437)
VideoLAN VLC media player 0.8.6b
ViewSonic Monitor Drivers
ViewSonic Windows XP Signed Files
WD Diagnostics
WebFldrs XP
WebReg
WinAVIVideoConverter
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB822603
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB840987
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887822
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892944
Windows XP Hotfix - KB893086
Windows XP Hotfix - KB896688
Windows XP Hotfix - KB896727
Windows XP Hotfix - KB905915
Windows XP Hotfix (SP2) [See Q329115 for more information]
Windows XP Hotfix (SP2) Q328310
Windows XP Hotfix (SP2) Q329170
Windows XP Hotfix (SP2) Q329441
Windows XP Hotfix (SP2) Q810577
Windows XP Hotfix (SP2) Q811493
Windows XP Hotfix (SP2) Q815021
Windows XP Hotfix (SP2) Q817606
WinRAR archiver
XviD MPEG4 Video Codec (remove only)
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
Yahoo! Widgets
yEnc32 (remove only)
wxmansmith
Regular Member
 
Posts: 17
Joined: January 27th, 2008, 3:35 pm

Re: Help! malware.bnkf and trojan.win2.pakes.bxx HJT

Post by Bob4 » January 29th, 2008, 8:03 am

I would remove Kazaa Lite as it's considered unsafe software as listed here
http://p2p.malwareremoval.com/index.html


__________________________
Deckard's System Scanner
Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt into your reply.



________________________________

Ever tried the Firefox browser?

http://www.mozilla.com/en-US/firefox/

__________________________________

Please post the log from Dss.
Bob4
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida
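Bob4's earlier steps ("remove all older versions of Java", "verify that there are no versions listed other than Acrobat Reader 8") and the note above about Kazaa are checks against the installed-programs list, and the CCleaner export posted above still shows J2SE Runtime Environment 5.0 Update 4 beside Java(TM) 6 Update 4 after the failed uninstall. As an added example (not code from this thread or from CCleaner), the Python below runs those checks over such a list: it groups entries by product family, reports older installs sitting beside the newest one, and matches entries against a watchlist of P2P clients. The family patterns, the version parsing, the watchlist (Kazaa is the one client this thread names; the maintained list is the p2p.malwareremoval.com page linked above) and the sample list (a subset of the one posted above) are constructed for this example.

```python
import re
from typing import Dict, List, Tuple

# Added example: checks over an Add/Remove Programs export such as the CCleaner
# uninstall list posted in this thread. Patterns and watchlist are constructed.

FAMILIES = {
    # the names Bob4 says to look for: "Java Runtime Environment (JRE or J2SE)"
    "Java": re.compile(r"(?<!\w)(?:J2SE|JRE|Java\(TM\)|Java Runtime Environment)(?!\w)", re.I),
    "Adobe Reader": re.compile(r"^Adobe (?:Acrobat )?Reader(?!\w)", re.I),
}

# Kazaa is the client this thread names as unsafe; extend from the linked
# p2p.malwareremoval.com list. Matching is a case-insensitive substring test.
UNSAFE_P2P = ("kazaa",)


def version_key(name: str) -> Tuple[int, ...]:
    """Version tuple from an entry name: the first dotted release number that is
    not glued to letters (so the "2" in "J2SE" is skipped), then any "Update N".
    "J2SE Runtime Environment 5.0 Update 4" -> (5, 0, 4)
    "Java(TM) 6 Update 4"                   -> (6, 4)
    "Adobe Reader 8.1.1"                    -> (8, 1, 1)
    The major version comes first, so entries order by major release first."""
    m = re.search(r"(?<![A-Za-z])(\d+(?:\.\d+)*)(?![A-Za-z])", name)
    key = tuple(int(x) for x in m.group(1).split(".")) if m else ()
    u = re.search(r"\bUpdate (\d+)", name, re.I)
    return key + ((int(u.group(1)),) if u else ())


def stale_versions(programs: List[str]) -> Dict[str, Dict[str, List[str]]]:
    """For each family present more than once: the newest entry to keep and the
    older ones that should have been removed."""
    report: Dict[str, Dict[str, List[str]]] = {}
    for family, pattern in FAMILIES.items():
        hits = [p for p in programs if pattern.search(p)]
        if len(hits) < 2:
            continue  # a single install is the normal, healthy state
        hits.sort(key=version_key, reverse=True)
        report[family] = {"keep": [hits[0]], "remove": hits[1:]}
    return report


def unsafe_software(programs: List[str], watchlist: Tuple[str, ...] = UNSAFE_P2P) -> List[str]:
    """Entries whose name contains any watchlist term."""
    return [p for p in programs if any(term in p.lower() for term in watchlist)]


# Constructed: a subset of the CCleaner list posted in this thread.
PROGRAMS = [
    "Adobe Reader 8.1.1",
    "AVG Anti-Spyware 7.5",
    "J2SE Runtime Environment 5.0 Update 4",
    "Java(TM) 6 Update 4",
    "Kazaa Lite v2.1.0 [K++ Edition] [build 3]",
    "Mozilla Firefox (2.0.0.11)",
    "SUPERAntiSpyware Free Edition",
]

if __name__ == "__main__":
    for family, verdict in stale_versions(PROGRAMS).items():
        print(family, "keep:", verdict["keep"], "remove:", verdict["remove"])
    print("watchlist hits:", unsafe_software(PROGRAMS))
```

On the sample list the Java family is the only one with two installs, and the report names J2SE Runtime Environment 5.0 Update 4 as the leftover to remove; Adobe Reader has a single entry and is not reported, which is the state Bob4 asked the poster to verify. The version parsing only looks at the numbers in the entry name, so it is a triage aid for reading an exported list, not a replacement for the Add/Remove Programs check itself.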

Re: Help! malware.bnkf and trojan.win2.pakes.bxx HJT

Post by wxmansmith » January 29th, 2008, 8:24 am

I'm struggling to remove Kazaa. I need to find a DLL for it. It's from a carry-over install, so the program won't run, and that's a good thing too. I'd had too many problems with that years ago and haven't touched it since.

Here are the DSS logs you requested.

MAIN.TXT

Deckard's System Scanner v20071014.68
Run by Smith on 2008-01-29 07:09:29
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
6: 2008-01-29 12:09:33 UTC - RP1167 - Deckard's System Scanner Restore Point
5: 2008-01-29 01:36:57 UTC - RP1166 - Installed Adobe Reader 8.1.1
4: 2008-01-29 01:36:44 UTC - RP1165 - Removed Adobe Reader 7.0.9
3: 2008-01-29 01:27:51 UTC - RP1164 - Installed Java(TM) 6 Update 4
2: 2008-01-29 00:52:19 UTC - RP1163 - Removed J2SE Runtime Environment 5.0 Update 6


-- First Restore Point --
1: 2008-01-29 00:52:00 UTC - RP1162 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Smith.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:10:52 AM, on 1/29/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\PROGRA~1\CLIMAT~1\execs\CPDNSE~1.EXE
D:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\System32\E_S00RP1.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\SAgent4.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\timesync.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE
D:\Program Files\Napster\napster.exe
D:\Program Files\NavNT\vptray.exe
D:\Program Files\PokerOffice\bin\javaw.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\sj650\hpupdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\tunebite\tunebite.exe
D:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
D:\PROGRA~1\CLIMAT~1\execs\Client Interface.exe
D:\PROGRA~1\CLIMAT~1\execs\Model.exe
C:\Documents and Settings\Smith\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Smith.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HGTXPEI] C:\WINDOWS\EndInstall.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 hercplgs.cpl,BootEntryPoint
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB002" /M "Stylus CX5400"
O4 - HKLM\..\Run: [POEngine] "D:\Program Files\PokerOffice\POEngine.exe" D:\Program Files\PokerOffice
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NapsterShell] D:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [vptray] D:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [hp Update 3300C] C:\sj650\hpupdate.exe 3300C+
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealOne Player\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [AnyDVD] D:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [tunebite.exe] D:\Program Files\tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Travelaxe - {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - C:\Program Files\Travelaxe\Travelaxe.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\program files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\program files\PartyGaming\PartyPoker\RunApp.exe
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/c ... /jt0_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/c ... ltt1_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/c ... /tt2_x.cab
O16 - DPF: Yahoo! MLB StatTracker - http://aud4.sports.dcn.yahoo.com/java/y/mlbst8402_x.cab
O16 - DPF: Yahoo! NBA StatTracker - http://aud3.sports.yahoo.com/java/y/nbast8264_x.cab
O16 - DPF: Yahoo! NFL StatTracker - http://aud4.sports.yahoo.com/java/y/nflst8226_x.cab
O16 - DPF: Yahoo! NHL StatTracker - http://aud5.sports.yahoo.com/java/y/nhlst8244_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/c ... /pt0_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/c ... /wt0_x.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200 ... taller.exe
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.c ... i_0727.dll
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includ ... reQual.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.atlas.lsu.edu/acgm/acgm.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CPDNService - University of Oxford, Computing Laboratory & Dept of Atmospheric Physics - D:\PROGRA~1\CLIMAT~1\execs\CPDNSE~1.EXE
O23 - Service: DefWatch - Symantec Corporation - D:\Program Files\NavNT\defwatch.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\E_S00RP1.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - D:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\System32\SAgent4.exe
O23 - Service: TimeSync - Intellisoft AG, Switzerland - C:\WINDOWS\SYSTEM32\timesync.exe

--
End of file - 11097 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080113-112321-125 O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
backup-20080113-112321-131 O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
backup-20080113-112321-158 O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
backup-20080113-112321-160 O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
backup-20080113-112321-178 O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
backup-20080113-112321-218 O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
backup-20080113-112321-235 O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
backup-20080113-112321-373 O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
backup-20080113-112321-441 O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
backup-20080113-112321-464 O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
backup-20080113-112321-502 O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
backup-20080113-112321-648 O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
backup-20080113-112321-687 O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
backup-20080113-112321-693 O2 - BHO: (no name) - {477840F3-BA52-44D9-8E41-38D61CAA010F} - (no file)
backup-20080113-112321-702 O2 - BHO: (no name) - {54DE7259-C729-45B1-BBD8-4BE9B5BD8248} - (no file)
backup-20080113-112321-730 O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
backup-20080113-112321-762 O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
backup-20080113-112321-823 O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
backup-20080113-112321-826 O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
backup-20080113-112321-865 O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
backup-20080113-112321-887 O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
backup-20080113-112321-939 O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
backup-20080113-112321-950 O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
backup-20080113-112321-966 O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
backup-20080113-112321-983 O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
backup-20080113-114714-609 O4 - Startup: Spruce - Auto Update.lnk = C:\QooBox\Quarantine\C\Program Files\Spruce\Spruce.exe.vir
backup-20080127-175121-662 O4 - HKLM\..\Run: [ss245sd] C:\WINDOWS\ss245sd.exe
backup-20080127-175121-679 O2 - BHO: CInternetExplorerAssistant - {59693FA9-25A3-4D8C-BB03-35658A5D83DA} - C:\PROGRA~1\INTERN~2\INTERN~1.DLL
backup-20080127-175121-730 O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - D:\PROGRA~1\NetAnts\NetAnts.exe
backup-20080127-175121-946 O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\IAccess\AIM95\aim.exe
backup-20080127-175121-983 O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - D:\PROGRA~1\NetAnts\NetAnts.exe
backup-20080128-072943-518 O4 - HKLM\..\Run: [ss245sd] C:\WINDOWS\ss245sd.exe
backup-20080128-194710-599 O2 - BHO: (no name) - {59693FA9-25A3-4D8C-BB03-35658A5D83DA} - (no file)

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Hpt3xxNT - c:\windows\system32\drivers\hpt3xxnt.sys <Not Verified; HighPoint Technologies,Inc.; HPT370/372>
R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R1 streamm - c:\windows\system32\drivers\streamm.sys
R1 VIAPFD - c:\windows\system32\drivers\viapfd.sys <Not Verified; VIA Technologies. Inc.; VIA PFD driver>
R2 WBHWDOCT - c:\windows\system32\drivers\wbhwdoct.sys <Not Verified; Winbond Electronics Corp.; Winbond Hardware Doctor>
R3 cwcspud (Crystal SoundFusion(tm) Driver) - c:\windows\system32\drivers\cwcspud.sys <Not Verified; Hercules (R); Hercules (R) WDM PCI Driver>
R3 cwcwdm (Crystal SoundFusion(tm) WDM Driver) - c:\windows\system32\drivers\cwcwdm.sys <Not Verified; Hercules (R); Hercules (R) WDM PCI Driver>

S0 ElbyVCD - c:\windows\system32\drivers\elbyvcd.sys (file missing)
S3 catchme - c:\docume~1\smith\locals~1\temp\catchme.sys (file missing)
S3 lgatbus (LG USB Composite Device driver (WDM)) - c:\windows\system32\drivers\lgatbus.sys <Not Verified; MCCI; LG USB Composite Device>
S3 lgatmdm (LG CDMA USB Modem Drivers) - c:\windows\system32\drivers\lgatmdm.sys <Not Verified; MCCI; LG CDMA USB Modem>
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CPDNService - d:\progra~1\climat~1\execs\cpdnse~1.exe <Not Verified; University of Oxford, Computing Laboratory & Dept of Atmospheric Physics; CPDNService Module>
R2 TimeSync - c:\windows\system32\timesync.exe <Not Verified; Intellisoft AG, Switzerland; Intellisoft TimeSync>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-01-29 04:45:00 306 --a------ C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
2008-01-25 21:52:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-12-29 and 2008-01-29 -----------------------------

2008-01-28 20:37:11 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
2008-01-28 19:50:11 0 d-------- C:\Documents and Settings\Smith\.SunDownloadManager
2008-01-27 18:34:06 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-01-27 18:34:05 0 d-------- C:\WINDOWS\System32\Kaspersky Lab
2008-01-27 18:00:53 0 dr-h----- C:\Documents and Settings\Smith\Recent
2008-01-14 06:51:53 0 d-------- C:\WINDOWS\ERUNT
2008-01-13 15:57:07 0 d-------- C:\VundoFix Backups
2008-01-13 08:22:56 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2008-01-13 08:21:27 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-01-13 08:21:27 0 d-------- C:\Documents and Settings\Smith\Application Data\SUPERAntiSpyware.com
2008-01-13 08:20:59 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-13 08:20:28 0 d-------- C:\Program Files\Internet Explorer Assistant
2008-01-12 22:17:26 0 d-------- C:\Program Files\Trend Micro
2008-01-12 11:52:08 0 d-------- C:\Program Files\CCleaner
2008-01-12 11:51:02 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-01-12 10:40:29 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Rabio
2008-01-12 10:13:25 0 d--hs---- C:\WINDOWS\c3JzMTc4
2008-01-12 10:13:22 86016 --a------ C:\WINDOWS\System32\drivers\streamm.sys
2008-01-12 10:13:21 0 d-------- C:\WINDOWS\System32\vt8
2008-01-12 10:13:21 0 d-------- C:\WINDOWS\System32\mp2
2008-01-12 10:13:21 0 d-------- C:\WINDOWS\System32\ez4
2008-01-12 10:13:21 0 d-------- C:\WINDOWS\System32\che9
2008-01-12 10:13:19 0 d-------- C:\WINDOWS\System32\edcA17


-- Find3M Report ---------------------------------------------------------------

2008-01-28 20:28:14 0 d-------- C:\Program Files\Java
2008-01-27 17:49:07 0 d-------- C:\Documents and Settings\Smith\Application Data\Viewpoint
2008-01-27 17:49:04 0 d-------- C:\Program Files\Viewpoint
2008-01-15 07:10:12 0 d-------- C:\Documents and Settings\Smith\Application Data\tunebite
2008-01-13 18:17:31 4154 --a------ C:\WINDOWS\System32\tmp.reg
2008-01-13 08:20:59 0 d-------- C:\Program Files\Common Files
2008-01-12 23:12:24 0 d-------- C:\Program Files\EPSON
2008-01-12 21:17:45 0 d-------- C:\Program Files\Adaptec
2008-01-12 10:36:51 319 --a------ C:\drmHeader.bin
2007-12-12 19:48:12 0 d-------- C:\Documents and Settings\Smith\Application Data\Google
2007-12-12 19:40:41 0 d-------- C:\Program Files\AIM6


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" []
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [07/28/2002 09:50 PM]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [05/24/2002 08:50 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/25/2004 02:03 PM]
"HGTXPEI"="C:\WINDOWS\EndInstall.exe" []
"SoundFusion"="hercplgs.cpl" [10/04/2001 02:05 PM C:\WINDOWS\system32\hercplgs.cpl]
"EPSON Stylus CX5400"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.exe" [05/26/2003 03:00 PM]
"POEngine"="D:\Program Files\PokerOffice\POEngine.exe" [07/13/2005 09:17 AM]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [07/09/2001 10:50 AM]
"NapsterShell"="D:\Program Files\Napster\napster.exe" [11/08/2007 05:58 PM]
"vptray"="D:\Program Files\NavNT\vptray.exe" [09/24/2001 06:59 AM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [05/11/2005 11:12 PM]
"VF0060 STISvc"="V0060Pin.dll" [10/31/2004 08:00 PM C:\WINDOWS\system32\V0060Pin.dll]
"hp Update 3300C"="C:\sj650\hpupdate.exe" [01/31/2002 09:38 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/14/2007 11:43 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [11/15/2007 01:11 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [12/14/2007 03:42 AM]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [08/29/2002 05:41 AM]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\Money Express.exe" [07/19/2000 08:00 AM]
"RealPlayer"="C:\Program Files\Real\RealOne Player\realplay.exe" [06/10/2006 07:10 PM]
"AnyDVD"="D:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [10/28/2007 12:51 PM]
"tunebite.exe"="D:\Program Files\tunebite\tunebite.exe" [02/15/2006 02:16 PM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [03/27/2007 02:22 PM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [10/04/2007 10:20 AM]

C:\Documents and Settings\Smith\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [7/20/2007 12:57:16 PM]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [5/11/2005 11:23:26 PM]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [5/12/2005 12:49:24 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 1:01:04 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= D:\IAccess\Qualcomm\Eudora\EuShlExt.dll [04/12/2001 06:05 PM 77824]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=NVDESK32.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-01-29 07:11:47 ------------

---------------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------------

Extras:
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 1.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) XP 1700+
Percentage of Memory in Use: 65%
Physical Memory (total/avail): 1023.49 MiB / 352.77 MiB
Pagefile Memory (total/avail): 3232.43 MiB / 2797.18 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1948.34 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.5 GiB total, 49 GiB free.
D: is Fixed (NTFS) - 19.53 GiB total, 1.14 GiB free.
E: is Fixed (NTFS) - 28.54 GiB total, 4.96 GiB free.
F: is Fixed (NTFS) - 7.81 GiB total, 1.29 GiB free.
G: is Fixed (NTFS) - 74.54 GiB total, 29.34 GiB free.
K: is CDROM (No Media)
X: is CDROM (No Media)
Z: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD16 00JB-00GVA0 SCSI Disk Device - 128 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 74.5 GiB - C:
\PARTITION1 - Installable File System - 74.54 GiB - G:

\\.\PHYSICALDRIVE1 - WDC WD60 0BB-32CXA0 SCSI Disk Device - 55.9 GiB - 3 partitions
\PARTITION0 (bootable) - Installable File System - 7.81 GiB - F:
\PARTITION1 - Installable File System - 19.53 GiB - D:
\PARTITION2 - Installable File System - 28.54 GiB - E:



-- Security Center -------------------------------------------------------------

AUOptions is set to notify before download.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\Smith\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SRS178
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Smith
LOGONSERVER=\\SRS178
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 6 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0602
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Smith\LOCALS~1\Temp
TMP=C:\DOCUME~1\Smith\LOCALS~1\Temp
USERDOMAIN=SRS178
USERNAME=Smith
USERPROFILE=C:\Documents and Settings\Smith
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Smith.SRS178.000 (admin)
Steve (new local, admin)
Steve.SRS178 (new local, admin)
Smith (admin)
Administrator.SRS178.002 (new local, admin)
Guest (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> C:\WINDOWS\UNNVEContent.exe /UNINSTALL
--> D:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EAF97B2C-0B9B-403C-829C-EF8099237DA9}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 5.0 Sprint Plus --> MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Action Replay XBOX 1.42 --> "D:\Program Files\Datel\Action Replay XBOX\unins000.exe"
Ad-aware 6 Personal --> D:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE D:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player Plugin --> C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
AIM 6 --> C:\Program Files\AIM6\uninst.exe
AnyDVD --> "D:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="D:\Program Files\SlySoft\AnyDVD"
AOL Instant Messenger --> D:\IAccess\AIM95\uninstll.exe -LOG= D:\IAccess\AIM95\install.log -OEM=
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft Software Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66C8BE35-8BBB-472B-96C7-C7C9A499F988}\SETUP.EXE" -l0x9
AVG Anti-Spyware 7.5 --> D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AVI/MPEG/RM/WMV Joiner 4.82 --> "D:\Program Files\AVI MPEG RM WMV Joiner\unins000.exe"
AXIS Media Control --> rundll32 "C:\Program Files\Axis Communications\AXIS Media Control\AxisMediaControl.dll",UninstallMe
BetGameDay Casino --> "D:\Program Files\BetGameDay Casino\Install.exe" -u
BitLord 1.1 --> D:\Program Files\BitLord\uninst.exe
BitPim 0.9.08 --> "D:\Program Files\BitPim\unins000.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Climate Prediction --> D:\PROGRA~1\CLIMAT~1\execs\UNWISE.EXE D:\PROGRA~1\CLIMAT~1\execs\INSTALL.LOG
CloneDVD2 --> "D:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="D:\Program Files\Elaborate Bytes\CloneDVD2"
Creative WebCam Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5ABA5FD-EE3D-4F15-895D-B32321E6C96B}\setup.exe" -l0x9 /remove
Creative WebCam Live! Ultra Driver (1.01.03.0127) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0060.uns -unsext NT -plugin V0060Pin.dll -pluginres CtCamPin.crl -filelog
Creative WebCam Live! Ultra User's Guide (English) --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Creative WebCam Live! Ultra\Creative WebCam Live! Ultra User's Guide\English\CTManual.isu"
Data Lifeguard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}\Setup.exe"
DeductionPro 2006 --> C:\Program Files\DeductionPro 2006\RemoveDPro.EXE C:\PROGRA~1\DEDUCT~1\INSTALL.LOG
DIRECTV GameTracker --> "D:\Program Files\DIRECTV GameTracker\uninstall.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EA.com Matchup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F173C40-563E-11D4-89C5-0010ADDAAC33}\setup.exe" -l0x9
EA.com Update --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9AB97F52-512B-43EF-AAEC-4825C17B32ED}\setup.exe" -l0x9
Easy CD Creator 5 Basic --> MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
FCE Ultra --> D:\FCE Ultra\uninst.exe
Game Theater(tm) XP 6.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{915BDF9B-F5F5-433D-B857-490EE2D259D7}\Setup.exe"
Get Yahoo! Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EAF97B2C-0B9B-403C-829C-EF8099237DA9}\setup.exe" -l0x9 /remove
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Hardware Doctor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6E524C61-42EC-11D5-98E1-0050BA0133AC}\Setup.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Document Viewer 5.3 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Image Zone 5.3 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP PSC & OfficeJet 5.3.A --> "C:\Program Files\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Internet Explorer Assistant 1.0 --> "C:\Program Files\Internet Explorer Assistant\unins000.exe"
iTunes --> MsiExec.exe /I{4F5CE18C-D97D-48FF-A510-A0D90C918294}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
Java(TM) 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Kaspersky Online Scanner --> C:\WINDOWS\System32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Kazaa Lite v2.1.0 [K++ Edition] [build 3] --> "D:\Kazaa Lite\unins000.exe"
LG GSM PC Components --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3231D52-F193-4F30-A4D6-0A621E740FFF}\setup.exe"
LG USB Modem driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9 LG
LiveUpdate 1.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech MouseWare 9.61 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 -l0009 UNINSTALL
Macromedia Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Madden NFL 2004 --> D:\Program Files\EASports\Madden2004\EAUninstall.exe
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Money 2001 --> MsiExec.exe /I{D085A1B6-90A4-11D3-82B7-00C04FA309DE}
Microsoft Money 2006 --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Movie Joiner --> D:\Program Files\Movie Joiner\uninst.exe -c
Mozilla Firefox (2.0.0.11) --> D:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Namer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44342DA1-A636-400D-8E3D-51B7238DEDC4}\Setup.exe" -l0x9
MSN Add-in for Windows Messenger --> rundll32.exe "C:\Program Files\Messenger\MSGSC.dll",UnregisterMSNExt
MSN Music Assistant --> rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MusicMatch Jukebox --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MusicMatch\MusicMatch Jukebox\Uninst.isu" -cC:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.dll
myfantasyleague.com Game Day 2007 --> "D:\Program Files\myfantasyleague\unins000.exe"
MySQL Server 4.1 --> MsiExec.exe /I{9A527766-AF63-46B4-AC86-6C32C756C620}
Napster --> C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe -runfromtemp -l0x0009 -removeonly
Napster Burn Engine --> MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\setup.exe /uninstall ExtraUninstallID=""
NHL 2001 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBA471C0-5EF2-11D4-0091-A500A0245DC0}\setup.exe" -l0x9 Uninstall
Norton AntiVirus Corporate Edition --> MsiExec.exe /I{BD12EB47-DBDF-11D3-BEEA-00A0CC272509}
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
Outlook Express Q823353 --> C:\WINDOWS\oeuninst.exe C:\WINDOWS\INF\Q823353.inf
PartyPoker --> "d:\program files\PartyGaming\PartyPoker\Uninstall.exe" "d:\program files\PartyGaming\PartyPoker\install.log"
Pdf995 --> C:\Program Files\TaxCut06\pdf995\setup.exe uninstall
PdfEdit995 --> C:\Program Files\TaxCut06\pdf995\res\utilities\thinsetup.exe - uninstall
Pearl Jam Live --> C:\WINDOWS\System32\javaws.exe -uninstall "http://bootlegs.pearljam.com/PearlJamLive.jnlp"
PokerOffice (remove only) --> "D:\Program Files\PokerOffice\uninstall.exe"
QuickTime --> MsiExec.exe /I{9763E36A-08E9-4228-BBCE-12989A4EB1A8}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TaxCut Premium 2006 --> C:\PROGRA~1\TaxCut06\Program\removetc.exe
Travelaxe --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8F0815A1-ABA6-41A6-8790-2A7198AA8ECD}\setup.exe"
tunebite 2.2.0.3 --> "D:\Program Files\tunebite\unins000.exe"
upapp --> MsiExec.exe /I{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}
VideoLAN VLC media player 0.8.6b --> C:\Program Files\VideoLAN\VLC\uninstall.exe
ViewSonic Monitor Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B4FEA924-630D-11D4-B78E-005004566E4D}\Setup.exe" -l0x9
ViewSonic Windows XP Signed Files --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC47C7A5-BE63-11D5-B7C9-005004566E4D}\Setup.exe" -l0x9
WD Diagnostics --> MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
WinAVIVideoConverter --> "C:\Program Files\WinAVIVideoConverter\unins000.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XviD MPEG4 Video Codec (remove only) --> "C:\WINDOWS\System32\xvid-uninstall.exe"
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager --> C:\WINDOWS\System32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI~2.DLL
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
Yahoo! Widgets --> C:\PROGRA~1\Yahoo!\Widgets\uninstall.exe
yEnc32 (remove only) --> "D:\Program Files\yEnc32\uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type222970 / Warning
Event Submitted/Written: 01/27/2008 03:21:00 AM
Event ID/Source: 6 / Norton AntiVirus
Event Description:
Scan could not open file D:\Kazaa Lite\unins000.da? [00000003]

Event Record #/Type222969 / Warning
Event Submitted/Written: 01/27/2008 03:16:36 AM
Event ID/Source: 6 / Norton AntiVirus
Event Description:
Scan could not open file D:\Demo\$ntservicepackuninstall$\stream.sys [00000003]

Event Record #/Type222968 / Warning
Event Submitted/Written: 01/27/2008 03:16:36 AM
Event ID/Source: 6 / Norton AntiVirus
Event Description:
Scan could not open file D:\Demo\$ntservicepackuninstall$\storprop.dll [00000003]

Event Record #/Type222967 / Warning
Event Submitted/Written: 01/27/2008 03:16:35 AM
Event ID/Source: 6 / Norton AntiVirus
Event Description:
Scan could not open file D:\Demo\$ntservicepackuninstall$\stdprov.dll [00000003]

Event Record #/Type222966 / Warning
Event Submitted/Written: 01/27/2008 03:16:35 AM
Event ID/Source: 6 / Norton AntiVirus
Event Description:
Scan could not open file D:\Demo\$ntservicepackuninstall$\ssinc51.dll [00000003]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type130847 / Warning
Event Submitted/Written: 01/26/2008 08:00:35 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type130846 / Warning
Event Submitted/Written: 01/26/2008 04:28:06 AM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk0\D during a paging operation.

Event Record #/Type130845 / Warning
Event Submitted/Written: 01/26/2008 04:28:05 AM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk0\D during a paging operation.

Event Record #/Type130844 / Warning
Event Submitted/Written: 01/26/2008 04:28:04 AM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk0\D during a paging operation.

Event Record #/Type130843 / Warning
Event Submitted/Written: 01/26/2008 04:28:03 AM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \Device\Harddisk0\D during a paging operation.



-- End of Deckard's System Scanner: finished at 2008-01-29 07:11:47 ------------
wxmansmith
Regular Member
 
Posts: 17
Joined: January 27th, 2008, 3:35 pm
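The DSS report above ends with three event-log sections in a fixed layout (a record header, a timestamp, an `Event ID/Source` line, then a description that may span several lines until a blank line). When a log like this is posted, the helper reads the same few things from it every time: which source/ID pairs repeat, which files the resident AV could not open, and whether the `Disk` / ID 51 paging errors point at failing hardware rather than malware. The parser below is an added example for this thread, not DSS code and not part of the original post; `SAMPLE_LOG` is a constructed excerpt that copies the record layout of the log above, and the triage rules in `triage()` are this example's own assumptions.

```python
"""Parse the event-log section of a Deckard's System Scanner (DSS) report.

Added example for this thread, not DSS code and not part of the original post.
SAMPLE_LOG is a constructed excerpt copying the record layout of the thread's
log; the triage rules in triage() are this example's own assumptions.
"""
import re
from collections import Counter, namedtuple

SAMPLE_LOG = """\
-- Application Event Log -------------------------------------------------------

Event Record #/Type222970 / Warning
Event Submitted/Written: 01/27/2008 03:21:00 AM
Event ID/Source: 6 / Norton AntiVirus
Event Description:
Scan could not open file D:\\Kazaa Lite\\unins000.da? [00000003]

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type130847 / Warning
Event Submitted/Written: 01/26/2008 08:00:35 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type130846 / Warning
Event Submitted/Written: 01/26/2008 04:28:06 AM
Event ID/Source: 51 / Disk
Event Description:
An error was detected on device \\Device\\Harddisk0\\D during a paging operation.

-- End of Deckard's System Scanner: finished at 2008-01-29 07:11:47 ------------
"""

SECTION_RE = re.compile(r"^-- (Application|Security|System) Event Log -")
RECORD_RE = re.compile(r"^Event Record #/Type(\d+) / (\w+)$")
IDSRC_RE = re.compile(r"^Event ID/Source: (\d+) / (.+)$")
UNOPENED_RE = re.compile(r"Scan could not open file (.+?) \[[0-9A-Fa-f]{8}\]")

# description: multi-line text joined with single spaces
EventRecord = namedtuple("EventRecord", "log record level event_id source description")


def parse_dss_events(text):
    """Return the EventRecords in a DSS report, in file order."""
    lines = text.splitlines()
    records, log, i = [], None, 0
    while i < len(lines):
        sec, hdr = SECTION_RE.match(lines[i]), RECORD_RE.match(lines[i])
        i += 1
        if sec:
            log = sec.group(1)          # remember which log the records belong to
        if not (hdr and log):
            continue
        event_id, source = -1, ""
        # header fields run until the literal "Event Description:" line
        while i < len(lines) and lines[i] != "Event Description:":
            m = IDSRC_RE.match(lines[i])
            if m:
                event_id, source = int(m.group(1)), m.group(2).strip()
            i += 1
        i += 1                          # skip "Event Description:"
        desc = []
        while i < len(lines) and lines[i].strip():   # description ends at a blank line
            desc.append(lines[i].strip())
            i += 1
        records.append(EventRecord(log, int(hdr.group(1)), hdr.group(2),
                                   event_id, source, " ".join(desc)))
    return records


def triage(records):
    """Count records per (log, source, id) and pull out what a helper reads
    first: files the AV scan could not open, and disk paging errors."""
    counts = Counter((r.log, r.source, r.event_id) for r in records)
    unopened = [m.group(1) for r in records if (m := UNOPENED_RE.search(r.description))]
    # Assumption of this example: Disk / ID 51 is a hardware signal to raise with
    # the user (failing drive), not a malware indicator.
    disk_paging = sum(1 for r in records if r.source == "Disk" and r.event_id == 51)
    return {"counts": counts, "unopened": unopened, "disk_paging_errors": disk_paging}


if __name__ == "__main__":
    result = triage(parse_dss_events(SAMPLE_LOG))
    for (log, source, event_id), n in sorted(result["counts"].items()):
        print(f"{log:<12} {source:<18} ID {event_id:<4} x{n}")
    print("unopened:", result["unopened"], "| disk paging errors:", result["disk_paging_errors"])
```

Paste a full DSS report into `SAMPLE_LOG` (or read it from a file) and the same two functions work unchanged; the `Security Event Log` section in the sample shows that a section with no records is simply skipped.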

Re: Help! malware.bnkf and trojan.win2.pakes.bxx HJT

Unread postby Bob4 » January 29th, 2008, 8:39 am

For all these uninstalls you can't uninstall, do an all-file search for whatever file is missing and put it where it needs to be. You have files scattered all over 3 different drives.

I will look at the log later as I have to go to the paying job now.
Bob4
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Help! malware.bnkf and trojan.win2.pakes.bxx HJT

Unread postby wxmansmith » January 29th, 2008, 9:08 am

You and me both on the job front.

Thanks again for your help and time. I really need to consider becoming a trained member. I really can't stand this stuff and too many people deal with it.
wxmansmith
Regular Member
 
Posts: 17
Joined: January 27th, 2008, 3:35 pm

Re: Help! malware.bnkf and trojan.win2.pakes.bxx HJT

Unread postby Bob4 » January 29th, 2008, 5:41 pm

Once we get you clean I will point you in the right direction to consider HJT training to do this.
But I assure you it's a busy thing so it will be much easier on you if you start with a clean computer.

__________________________________________

Well that actually found a few things we need to remove.

________________________________________
Open notepad and copy/paste the text in the quotebox below into it:


File::
C:\WINDOWS\system32\drivers\streamm.sys
C:\drmHeader.bin

Folder::
C:\WINDOWS\System32\vt8
C:\WINDOWS\System32\mp2
C:\WINDOWS\System32\ez4
C:\WINDOWS\System32\che9
C:\WINDOWS\System32\edcA17


Driver::
streamm




NOTE: This script was done for this user specifically.
DO NOT ATTEMPT TO USE IT IF YOU ARE NOT THIS USER
YOU WILL HURT THE WORKINGS OF YOUR COMPUTER !!

Save this as CFScript.txt, in the same location as ComboFix.exe


Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will need in your next reply.

___________________________________

Download HostsXpert.zip by FunkyToad.

1. Extract the files and click on HostsXpert.exe.

2. Click on downloading

3. Click on MVPS Hosts and choose replace.

NOTE:
If you have placed a hosts file in already, choose merge.
If you're unsure, chances are you have not installed a hosts file.

You will be prompted to download the hosts file. Click OK.
If any of your software asks about it, let it.

4. Click on "Make readable only"

You may close that now.

__________________________





Post the log from ComboFix.

Let me know if the pop-ups continue
Bob4
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida
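The HostsXpert steps in the post above make two choices that are worth seeing in code: "replace" versus "merge" (merge keeps mappings the user already added, such as a LAN file server, while replace discards the whole file), and "Make readable only", which clears the write attribute. The script below is an added example for this thread, not HostsXpert's code and not from the original post. `EXISTING_HOSTS` and `BLOCKLIST` are constructed samples (the real MVPS list is not downloaded here), and the layout assumed is the MVPS style of one blocked name per line mapped to 0.0.0.0 or 127.0.0.1.

```python
"""Replace or merge the Windows hosts file with a blocklist, then set read-only.

Added example for this thread; it is not HostsXpert's code and not from the
original post. EXISTING_HOSTS and BLOCKLIST are constructed samples (the real
MVPS list is not downloaded here); the assumed layout is MVPS style, one
blocked name per line mapped to 0.0.0.0 or 127.0.0.1.
"""
import os
import re
import stat
import tempfile

EXISTING_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
192.168.1.10    fileserver   # custom LAN entry the user added by hand
"""

BLOCKLIST = """\
# constructed excerpt in MVPS layout, not the real list
0.0.0.0 ads.example.test
0.0.0.0 tracker.example.test
127.0.0.1 localhost
"""

HOST_LINE = re.compile(r"^\s*([0-9a-fA-F.:]+)\s+([^#]+?)\s*(#.*)?$")


def parse_hosts(text):
    """Yield ('comment', line) for blank/comment lines and
    ('entry', ip, [names], comment) for mappings; malformed lines are dropped."""
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            yield ("comment", line)
            continue
        m = HOST_LINE.match(line)
        if m:
            yield ("entry", m.group(1), m.group(2).split(), m.group(3))


def render(item):
    if item[0] == "comment":
        return item[1]
    line = f"{item[1]} {' '.join(item[2])}"
    return f"{line}  {item[3]}" if item[3] else line


def merge_hosts(existing_text, blocklist_text):
    """The 'merge' choice: keep every mapping already in the file (custom LAN
    names survive) and append blocklist names not already present.
    Returns (new_text, number_of_lines_added)."""
    existing = list(parse_hosts(existing_text))
    seen = {n.lower() for it in existing if it[0] == "entry" for n in it[2]}
    out, added = [render(it) for it in existing], 0
    for it in parse_hosts(blocklist_text):
        if it[0] != "entry":
            continue
        new_names = [n for n in it[2] if n.lower() not in seen]
        if new_names:                 # skip names the file already maps (e.g. localhost)
            seen.update(n.lower() for n in new_names)
            out.append(render(("entry", it[1], new_names, None)))
            added += 1
    return "\n".join(out) + "\n", added


def replace_hosts(existing_text, blocklist_text):
    """The 'replace' choice: the old file is discarded wholesale, so any
    hand-added mapping (the fileserver line above) is lost."""
    return blocklist_text if blocklist_text.endswith("\n") else blocklist_text + "\n"


def write_read_only(path, content):
    """Write CONTENT and clear the write bit, which is what 'Make readable only'
    does. This only blocks casual edits: any process running as the same user
    can clear the attribute again, so it is not a security boundary."""
    if os.path.exists(path):
        os.chmod(path, stat.S_IREAD | stat.S_IWRITE)   # make an earlier read-only copy writable
    with open(path, "w", newline="\n") as fh:
        fh.write(content)
    os.chmod(path, stat.S_IREAD)      # on Windows this sets FILE_ATTRIBUTE_READONLY
    return not (os.stat(path).st_mode & stat.S_IWUSR)


def demo_write(content):
    """Write CONTENT read-only to a temp file; return (is_read_only, read_back)."""
    path = os.path.join(tempfile.mkdtemp(), "hosts")
    ro = write_read_only(path, content)
    with open(path) as fh:
        return ro, fh.read()


if __name__ == "__main__":
    merged, added = merge_hosts(EXISTING_HOSTS, BLOCKLIST)
    print(f"merge kept the custom entry and added {added} line(s):\n{merged}")
    print("replace drops it:", "fileserver" not in replace_hosts(EXISTING_HOSTS, BLOCKLIST))
    print("read-only:", demo_write(merged)[0])
```

On a real machine the target is `%SystemRoot%\System32\drivers\etc\hosts` and the write needs administrative rights; the temp-file path in `demo_write` is only so the example runs anywhere. The read-only attribute is still worth setting, because it stops the quiet edits some adware makes, but a hosts file that keeps changing after this step is a sign something is still running, not a reason to set the attribute again.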

Re: Help! malware.bnkf and trojan.win2.pakes.bxx HJT

Unread postby wxmansmith » January 29th, 2008, 8:49 pm

Hmmm, this is weird.

I created the script as directed and dropped it onto combofix. However, I got the following error. I rebooted and got the same error.

"327882R2FWJFW not in expected location. Inform sUBs now!! "

No log created as it did not run.
wxmansmith
Regular Member
 
Posts: 17
Joined: January 27th, 2008, 3:35 pm