View Full Version : Stuck at SpyBot, Spyware Blaster
I downloaded SpyBot and ran it. It showed up various threats incl virtumonde, smitfraud, etc. Before I could do the repairs, I lost the SpyBot window.
So I re-opened it to re-run the scan. But this time, even before it reached 10% scan, it said "aborted by user" and stopped running. (even though I didn't touch anything). This happened twice. Now when I try to run SB, it doesn't open at all. I couldn't even uninstall or re-install it. Nothing happens when I double-click the icons.:lip:
I also downloaded Spyware Blaster. When I try to run setup , nothing happens.
Any help appreciated.
Hi Aspirex
Click here (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe) to download HJTInstall.exe
Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT use the AnalyseThis button, its findings are dangerous if misinterpreted.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
Shaba, thanks for your kind help...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:37:03 PM, on 10/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\j2 Messenger 4.2\J2GTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: DVwiz eToolbar - {B1CA4046-840C-481B-8E62-598D490D4617} - C:\PROGRA~1\DVwiz\DVWIZE~1\eToolbar.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\fidhndky.dll
O4 - HKLM\..\Run: [pccguide.exe] C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [j2 4.2] "C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\jnvtxfsm.dll",sitypnow
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: j2 4.2.lnk = C:\Program Files\j2 Messenger 4.2\J2GTray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - WWW Prefix:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
--
End of file - 4869 bytes
Hi
Rename HijackThis.exe to Aspirex.exe and post back a fresh HijackThis log, please :)
Here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51:36 PM, on 10/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\j2 Messenger 4.2\J2GTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\Aspirex.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\imapi.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
--
End of file - 2075 bytes
Hi
Is that really entire log?
Please try again if it is.
I don't know if I have screwed things up. :sad:
I tried to run Aspirex.exe but it said "HijackThis is already running" so I tried to re-install:oops:
Anyway I renamed the exe file now as Aspirex1.exe and here's the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:54 PM, on 10/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\j2 Messenger 4.2\J2GTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Trend Micro\HijackThis\Aspirex.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\Aspirex1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6E333001-C05F-408C-9AB3-BC7A855AF8FC} - (no file)
O2 - BHO: (no name) - {6FA33910-E255-4B31-9BD1-EC0FEC495661} - C:\WINDOWS\system32\jkhff.dll
O2 - BHO: (no name) - {837B45D6-BF85-457D-AABF-6D2E7815F791} - C:\WINDOWS\system32\qommmkk.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\igddyomm.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\ieoxvmjl.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: DVwiz eToolbar - {B1CA4046-840C-481B-8E62-598D490D4617} - C:\PROGRA~1\DVwiz\DVWIZE~1\eToolbar.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\ieoxvmjl.dll
O4 - HKLM\..\Run: [pccguide.exe] C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [j2 4.2] "C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\jnvtxfsm.dll",sitypnow
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: j2 4.2.lnk = C:\Program Files\j2 Messenger 4.2\J2GTray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - WWW Prefix:
O20 - Winlogon Notify: ieoxvmjl - C:\WINDOWS\SYSTEM32\ieoxvmjl.dll
O20 - Winlogon Notify: qommmkk - C:\WINDOWS\SYSTEM32\qommmkk.dll
O20 - Winlogon Notify: winrkp32 - C:\WINDOWS\SYSTEM32\winrkp32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
--
End of file - 6107 bytes
Hi
You have now 3 HijackThis programs running:
C:\Program Files\Trend Micro\HijackThis\Aspirex.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\Aspirex1.exe
Use that one renamed to Aspirex1 in the future, please.
You can kill Aspirex.exe and HijackThis.exe via Task manager (ctrl + alt + del -> end process)
We need first to disable TeaTimer that it doesn't interfere with fixes. You can re-enable it when you're clean again:
1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this Go to the Mode menu select "Advanced Mode"
3. On the left hand side, Click on Tools
4. Then click on the Resident Icon in the List
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.
Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
1. Download combofix from one of these links:
Link1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link2 (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Post:
- a fresh HijackThis log
- combofix report
- vundofix report
Shaba, here is fresh HijackThis & Vundo report.
I ran Combo fix and I think it went up to "completed stage 1" then the pc rebooted. It didn't produce a log file. Shall I run Combofix again?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:33, on 2007-10-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\systs.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\j2 Messenger 4.2\J2GTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\Aspirex1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6E333001-C05F-408C-9AB3-BC7A855AF8FC} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: (no name) - {CCD861F0-D014-4463-930C-D2C20FEE7B80} - (no file)
O2 - BHO: (no name) - {CFAD26AD-456E-4D65-9382-385225E7EE24} - C:\WINDOWS\system32\jkhff.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: DVwiz eToolbar - {B1CA4046-840C-481B-8E62-598D490D4617} - C:\PROGRA~1\DVwiz\DVWIZE~1\eToolbar.dll
O4 - HKLM\..\Run: [pccguide.exe] C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [j2 4.2] "C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: j2 4.2.lnk = C:\Program Files\j2 Messenger 4.2\J2GTray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - WWW Prefix:
O20 - Winlogon Notify: fidhndky - C:\WINDOWS\
O20 - Winlogon Notify: winrkp32 - C:\WINDOWS\SYSTEM32\winrkp32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: tjk8rla0zxexp - Unknown owner - C:\WINDOWS\system32\systs.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
--
End of file - 5331 bytes
VundoFix V6.5.10
Checking Java version...
Sun Java not detected
Scan started at 11:42:11 AM 10/19/2007
Listing files found while scanning....
C:\WINDOWS\system32\akdkgpzx.dll
C:\WINDOWS\system32\igddyomm.dll
C:\WINDOWS\system32\jnvtxfsm.dll
C:\WINDOWS\system32\msfxtvnj.ini
C:\windows\system32\pmnomnm.dll
C:\WINDOWS\system32\qommmkk.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\akdkgpzx.dll
C:\WINDOWS\system32\akdkgpzx.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\igddyomm.dll
C:\WINDOWS\system32\igddyomm.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jnvtxfsm.dll
C:\WINDOWS\system32\jnvtxfsm.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\msfxtvnj.ini
C:\WINDOWS\system32\msfxtvnj.ini Has been deleted!
Attempting to delete C:\windows\system32\pmnomnm.dll
C:\windows\system32\pmnomnm.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qommmkk.dll
C:\WINDOWS\system32\qommmkk.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\akdkgpzx.dll
C:\WINDOWS\system32\akdkgpzx.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\qommmkk.dll
C:\WINDOWS\system32\qommmkk.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.5.10
Checking Java version...
Sun Java not detected
Scan started at 2:24:01 PM 10/19/2007
Listing files found while scanning....
OK. I ran combofix. I think it went to stage 30. It didn't show up any logfiles but I found this text file in the combofix folder.
=================================
ComboFix 07-10-17.8@ - XP 2007-10-19 15:56:17.2 - NTFSx86
Script execution time was exceeded on script "C:\ComboFix\osid.vbs".
Script execution was terminated.
Running from: C:\Documents and Settings\XP\Desktop\ComboFix.exe
===============================
Also when I run combofix, my pc-cillin prompts that it has detected spyware "Freeloader_Smitfraud" in this file: dumphive.cfexe (which I noticed is a file in the combofix dir)
I was not sure whether to remove or ignore.
.
Hi
"
Also when I run combofix, my pc-cillin prompts that it has detected spyware "Freeloader_Smitfraud" in this file: dumphive.cfexe (which I noticed is a file in the combofix dir)
I was not sure whether to remove or ignore."
That is false positive.
You should ignore it.
Try to run combofix in safe mode.
Here is combofix log:
ComboFix 07-10-17.8@ - XP 2007-10-20 17:39:22.3 - NTFSx86
Script execution time was exceeded on script "C:\ComboFix\osid.vbs".
Script execution was terminated.
Running from: C:\Documents and Settings\XP\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Hammer.dll
C:\WINDOWS\bck1.dat
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\ffhkj.bak1
C:\WINDOWS\system32\ffhkj.bak1
C:\WINDOWS\system32\ffhkj.bak1
C:\WINDOWS\system32\ffhkj.bak2
C:\WINDOWS\system32\ffhkj.bak2
C:\WINDOWS\system32\ffhkj.bak2
C:\WINDOWS\system32\ffhkj.ini
C:\WINDOWS\system32\ffhkj.ini
C:\WINDOWS\system32\ffhkj.ini
C:\WINDOWS\system32\ffhkj.ini2
C:\WINDOWS\system32\ffhkj.ini2
C:\WINDOWS\system32\ffhkj.ini2
C:\WINDOWS\system32\ffhkj.tmp
C:\WINDOWS\system32\ffhkj.tmp
C:\WINDOWS\system32\ffhkj.tmp
C:\WINDOWS\system32\FTPx.dll
C:\WINDOWS\system32\icsyvbqw.ini
C:\WINDOWS\system32\jkhff.dll
C:\WINDOWS\system32\jkhff.dll
C:\WINDOWS\system32\ofdnlmhv.dll
C:\WINDOWS\system32\wqbvysci.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_RUNTIME
((((((((((((((((((((((((( Files Created from 2007-09-20 to 2007-10-20 )))))))))))))))))))))))))))))))
.
2007-10-19 11:42 <DIR> d-------- C:\VundoFix Backups
2007-10-18 15:12 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-18 15:12 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-10-18 15:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-17 20:45 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-10-16 10:11 <DIR> d-------- C:\Program Files\Free Download Manager
2007-10-16 10:11 <DIR> d-------- C:\Documents and Settings\XP\Application Data\Free Download Manager
2007-10-16 10:11 <DIR> d-------- C:\DOCUME~1\XP\APPLIC~1\Free Download Manager
2007-10-13 23:21 27,648 --------- C:\sugpw.exe
2007-10-13 17:39 <DIR> d-------- C:\Program Files\QuickTime
2007-10-13 17:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-20 09:25 340,032 ----a-w C:\WINDOWS\system32\unykyzmh.dll
2007-10-20 09:25 340,032 ----a-w C:\WINDOWS\system32\aunkbtwd.dll
2007-10-19 06:37 103,936 --sha-r C:\WINDOWS\system32\systs.exe
2007-10-19 03:59 32,768 ----a-w C:\WINDOWS\system32\VundoFixSVC.exe
2007-10-19 03:27 397,376 ----a-w C:\WINDOWS\system32\skvpsmwh.exe
2007-10-19 03:27 339,968 ----a-w C:\WINDOWS\system32\akdkgpzx.dll
2007-10-18 15:54 397,376 ----a-w C:\WINDOWS\system32\kusqvfjb.exe
2007-10-18 15:54 339,968 ----a-w C:\WINDOWS\system32\iwiziijd.dll
2007-10-18 14:52 339,968 ----a-w C:\WINDOWS\system32\ieoxvmjl.dll
2007-10-18 14:51 397,376 ----a-w C:\WINDOWS\system32\isueenpp.exe
2007-10-18 14:35 339,968 ----a-w C:\WINDOWS\system32\ifspxgie.dll
2007-10-18 14:34 397,376 ----a-w C:\WINDOWS\system32\ftedgtmg.exe
2007-10-18 10:34 --------- d-----w C:\Program Files\Trend Micro
2007-10-18 09:51 397,376 ----a-w C:\WINDOWS\system32\ddfrxwkb.exe
2007-10-18 09:51 339,968 ----a-w C:\WINDOWS\system32\fidhndky.dll
2007-10-18 09:04 397,376 ----a-w C:\WINDOWS\system32\bjkawuma.exe
2007-10-18 09:04 339,968 ----a-w C:\WINDOWS\system32\orkcvhrr.dll
2007-10-18 03:33 397,376 ----a-w C:\WINDOWS\system32\bmtefpbf.exe
2007-10-18 03:02 397,376 ----a-w C:\WINDOWS\system32\lqxpjdxs.exe
2007-10-17 14:05 397,376 ----a-w C:\WINDOWS\system32\lefvthis.exe
2007-10-17 13:46 397,376 ----a-w C:\WINDOWS\system32\ylevlayd.exe
2007-10-16 13:48 397,376 ----a-w C:\WINDOWS\system32\byhvqkgr.exe
2007-10-16 09:04 --------- d-----w C:\Program Files\Infogrames Interactive
2007-10-16 09:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-14 15:10 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trend Micro
2007-05-14 14:26 1,622 ----a-w C:\Program Files\INSTALL.LOG
2001-09-28 09:00 171,520 ----a-w C:\Program Files\UNWISE.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E333001-C05F-408C-9AB3-BC7A855AF8FC}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-10-20 17:25 340032 --a------ C:\WINDOWS\system32\unykyzmh.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CCD861F0-D014-4463-930C-D2C20FEE7B80}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B1CA4046-840C-481B-8E62-598D490D4617}"= C:\PROGRA~1\DVwiz\DVWIZE~1\eToolbar.dll [2004-01-16 00:45 944640]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\unykyzmh.dll [2007-10-20 17:25 340032]
[HKEY_CLASSES_ROOT\CLSID\{B1CA4046-840C-481B-8E62-598D490D4617}]
[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pccguide.exe"="C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe" [2006-08-25 11:25]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-13 17:40]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"j2 4.2"="C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" [2006-07-15 04:03]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE"="C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe" [2006-08-18 13:06]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2005-01-07 08:00]
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
j2 4.2.lnk - C:\Program Files\j2 Messenger 4.2\J2GTray.exe [2006-09-27 13:52:37]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-09-14 00:25:15]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fidhndky]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\unykyzmh]
unykyzmh.dll 2007-10-20 17:25 340032 C:\WINDOWS\system32\unykyzmh.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrkp32]
winrkp32.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkhff.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1783a936-47e0-11db-b4cb-806d6172696f}]
AutoRun\command - E:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68162f83-4341-11db-8f27-806d6172696f}]
AutoRun\command - E:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b0aef79-49f6-11db-b4d6-98d035f3ea85}]
AutoRun\command - F:\autorun.exe
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-20 18:20:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-20 18:27:12 - machine was rebooted
.
--- E O F ---
Hi
Do you know what this is?
C:\PROGRA~1\DVwiz\DVWIZE~1\eToolbar.dll
Hi
Do you know what this is?
C:\PROGRA~1\DVwiz\DVWIZE~1\eToolbar.dll
DVWiz is a program to create your own toolbar. (Purchased on ebay about 1 year ago).
Hi
Thanks for info :)
Open notepad and copy/paste the text in the quotebox below into it:
File::
C:\WINDOWS\system32\unykyzmh.dll
C:\WINDOWS\system32\aunkbtwd.dll
C:\WINDOWS\system32\systs.exe
C:\WINDOWS\system32\skvpsmwh.exe
C:\WINDOWS\system32\akdkgpzx.dll
C:\WINDOWS\system32\kusqvfjb.exe
C:\WINDOWS\system32\iwiziijd.dll
C:\WINDOWS\system32\ieoxvmjl.dll
C:\WINDOWS\system32\isueenpp.exe
C:\WINDOWS\system32\ifspxgie.dll
C:\WINDOWS\system32\ftedgtmg.exe
C:\WINDOWS\system32\ddfrxwkb.exe
C:\WINDOWS\system32\fidhndky.dll
C:\WINDOWS\system32\bjkawuma.exe
C:\WINDOWS\system32\orkcvhrr.dll
C:\WINDOWS\system32\bmtefpbf.exe
C:\WINDOWS\system32\lqxpjdxs.exe
C:\WINDOWS\system32\lefvthis.exe
C:\WINDOWS\system32\ylevlayd.exe
C:\WINDOWS\system32\byhvqkgr.exe
C:\sugpw.exe
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E333001-C05F-408C-9AB3-BC7A855AF8FC}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CCD861F0-D014-4463-930C-D2C20FEE7B80}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
[-HKEY_CLASSES_ROOT\CLSID\{B1CA4046-840C-481B-8E62-598D490D4617}]
[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fidhndky]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\unykyzmh]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrkp32]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
Save this as "CFScript"
Then drag the CFScript into ComboFix.exe as you see in the screenshot below.
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
Shaba,
I tried dragging CFScript.txt on to the ComboFix but Combofix doesn't run when I do that. The 2 icons simply exchange places on my desktop.
I disabled auto-arrange and tried it again. This time the CFSript icon simply sits on top of the ComboFix icon.:sad:
This is probably something simple but I can't figure it out. :sad: Feel like a fool:red: Help?
Hi
Well then we use other ways:
First we'll need to backup registry:
Start -> Run -> regedit -> ok. Then File -> Export. Give it a name and press Save.
Save text below as fix.reg on Notepad (save it as all files (*.*)) on Desktop
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E333001-C05F-408C-9AB3-BC7A855AF8FC}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CCD861F0-D014-4463-930C-D2C20FEE7B80}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"=-
[-HKEY_CLASSES_ROOT\CLSID\{B1CA4046-840C-481B-8E62-598D490D4617}]
[-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fidhndky]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\unykyzmh]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrkp32]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
It should look like this -> http://users.telenet.be/bluepatchy/miekiemoes/images/reg.gif
Doubleclick fix.reg, press Yes and ok.
(In case you are unsure how to create a reg file, take a look here (http://www.nellie2.co.uk/file.htm#How_to_Make_a_.Reg_File_) with screenshots.)
Please download the Killbox (http://www.downloads.subratam.org/KillBox.zip).
Unzip it to the desktop
Please run Killbox.
Select "Delete on Reboot".
Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\WINDOWS\system32\unykyzmh.dll
C:\WINDOWS\system32\aunkbtwd.dll
C:\WINDOWS\system32\systs.exe
C:\WINDOWS\system32\skvpsmwh.exe
C:\WINDOWS\system32\akdkgpzx.dll
C:\WINDOWS\system32\kusqvfjb.exe
C:\WINDOWS\system32\iwiziijd.dll
C:\WINDOWS\system32\ieoxvmjl.dll
C:\WINDOWS\system32\isueenpp.exe
C:\WINDOWS\system32\ifspxgie.dll
C:\WINDOWS\system32\ftedgtmg.exe
C:\WINDOWS\system32\ddfrxwkb.exe
C:\WINDOWS\system32\fidhndky.dll
C:\WINDOWS\system32\bjkawuma.exe
C:\WINDOWS\system32\orkcvhrr.dll
C:\WINDOWS\system32\bmtefpbf.exe
C:\WINDOWS\system32\lqxpjdxs.exe
C:\WINDOWS\system32\lefvthis.exe
C:\WINDOWS\system32\ylevlayd.exe
C:\WINDOWS\system32\byhvqkgr.exe
C:\sugpw.exe
Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If your computer does not restart automatically, please restart it manually.
Re-run combofix
Post:
- a fresh hijackthis log
- combofix report
==================================
Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
===================================
Shaba, I followed this and clicked "Yes". (But there was no further prompt for Pending Operations. )
My PC rebooted and asked for password to login to my account. :sick: I have never used a password to my account!
I shutdown tried again and same thing. Finally I rebooted, went to F8 & selected "restore last known good configuration." Would I need to run Killbox again?
Anyway I ran Combofix & Hijackthis after that; here are the reports you asked for:
ComboFix
ComboFix 07-10-17.8@ - XP 2007-10-22 15:22:47.4 - NTFSx86
Script execution time was exceeded on script "C:\ComboFix\osid.vbs".
Script execution was terminated.
Running from: C:\Documents and Settings\XP\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-09-22 to 2007-10-22 )))))))))))))))))))))))))))))))
.
2007-10-20 17:25 340,032 --a------ C:\WINDOWS\system32\aunkbtwd.dll
2007-10-19 15:06 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-19 14:37 103,936 -rahs---- C:\WINDOWS\system32\systs.exe
2007-10-19 11:59 32,768 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-10-19 11:42 <DIR> d-------- C:\VundoFix Backups
2007-10-19 11:28 339,968 --a------ C:\WINDOWS\system32\akdkgpzx.dll
2007-10-19 11:27 397,376 --a------ C:\WINDOWS\system32\skvpsmwh.exe
2007-10-18 23:55 339,968 --a------ C:\WINDOWS\system32\iwiziijd.dll
2007-10-18 23:54 397,376 --a------ C:\WINDOWS\system32\kusqvfjb.exe
2007-10-18 22:52 339,968 --a------ C:\WINDOWS\system32\ieoxvmjl.dll
2007-10-18 22:51 397,376 --a------ C:\WINDOWS\system32\isueenpp.exe
2007-10-18 22:35 339,968 --a------ C:\WINDOWS\system32\ifspxgie.dll
2007-10-18 22:34 397,376 --a------ C:\WINDOWS\system32\ftedgtmg.exe
2007-10-18 17:52 339,968 --a------ C:\WINDOWS\system32\fidhndky.dll
2007-10-18 17:51 397,376 --a------ C:\WINDOWS\system32\ddfrxwkb.exe
2007-10-18 17:04 397,376 --a------ C:\WINDOWS\system32\bjkawuma.exe
2007-10-18 17:04 339,968 --a------ C:\WINDOWS\system32\orkcvhrr.dll
2007-10-18 15:12 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-18 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-18 15:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-18 11:32 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-10-18 11:32 397,376 --a------ C:\WINDOWS\system32\bmtefpbf.exe
2007-10-18 11:02 397,376 --a------ C:\WINDOWS\system32\lqxpjdxs.exe
2007-10-17 22:05 397,376 --a------ C:\WINDOWS\system32\lefvthis.exe
2007-10-17 21:46 397,376 --a------ C:\WINDOWS\system32\ylevlayd.exe
2007-10-17 20:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-17 17:38 <DIR> d-------- C:\WINDOWS\pss
2007-10-16 21:47 397,376 --a------ C:\WINDOWS\system32\byhvqkgr.exe
2007-10-16 10:11 <DIR> d-------- C:\Program Files\Free Download Manager
2007-10-16 10:11 <DIR> d-------- C:\Documents and Settings\XP\Application Data\Free Download Manager
2007-10-15 10:39 8,192 --a--c--- C:\WINDOWS\system32\dllcache\changer.sys
2007-10-15 10:39 106 --ahs---- C:\WINDOWS\system32\340418025.dat
2007-10-13 23:21 27,648 --------- C:\sugpw.exe
2007-10-13 17:40 94,208 --a------ C:\WINDOWS\unvise32qt.exe
2007-10-13 17:39 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-10-13 17:39 <DIR> d-------- C:\Program Files\QuickTime
2007-10-13 17:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-18 10:34 --------- d-----w C:\Program Files\Trend Micro
2007-10-16 09:04 --------- d-----w C:\Program Files\Infogrames Interactive
2007-10-16 09:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-14 15:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-05-14 14:26 1,622 ----a-w C:\Program Files\INSTALL.LOG
2001-09-28 09:00 171,520 ----a-w C:\Program Files\UNWISE.EXE
.
((((((((((((((((((((((((((((( snapshot@2007-10-20_18.24.38.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-20 10:19:37 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-10-22 07:12:15 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-10-20 10:19:37 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-10-22 07:12:15 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-10-20 10:19:37 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-10-22 07:12:15 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E333001-C05F-408C-9AB3-BC7A855AF8FC}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CCD861F0-D014-4463-930C-D2C20FEE7B80}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pccguide.exe"="C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe" [2006-08-25 11:25]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-13 17:40]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"j2 4.2"="C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" [2006-07-15 04:03]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE"="C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe" [2006-08-18 13:06]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2005-01-07 08:00]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
j2 4.2.lnk - C:\Program Files\j2 Messenger 4.2\J2GTray.exe [2006-09-27 13:52:37]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-09-14 00:25:15]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\unykyzmh]
unykyzmh.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1783a936-47e0-11db-b4cb-806d6172696f}]
AutoRun\command - E:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68162f83-4341-11db-8f27-806d6172696f}]
AutoRun\command - E:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b0aef79-49f6-11db-b4d6-98d035f3ea85}]
AutoRun\command - F:\autorun.exe
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-22 15:28:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-10-22 15:31:11
C:\ComboFix2.txt ... 2007-10-20 18:27
.
--- E O F ---
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:35:28 PM, on 10/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\j2 Messenger 4.2\J2GTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\systs.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\Aspirex1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6E333001-C05F-408C-9AB3-BC7A855AF8FC} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: (no name) - {CCD861F0-D014-4463-930C-D2C20FEE7B80} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {B1CA4046-840C-481B-8E62-598D490D4617} - (no file)
O4 - HKLM\..\Run: [pccguide.exe] C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [j2 4.2] "C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: j2 4.2.lnk = C:\Program Files\j2 Messenger 4.2\J2GTray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - WWW Prefix:
O20 - Winlogon Notify: unykyzmh - unykyzmh.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: tjk8rla0zxexp - Unknown owner - C:\WINDOWS\system32\systs.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
--
End of file - 5143 bytes
Hi
No success, we try then manual way:
Open HijackThis, click do a system scan only and checkmark these:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = <-- unless you have set it
O2 - BHO: (no name) - {CCD861F0-D014-4463-930C-D2C20FEE7B80} - (no file)
O3 - Toolbar: (no name) - {B1CA4046-840C-481B-8E62-598D490D4617} - (no file)
O20 - Winlogon Notify: unykyzmh - unykyzmh.dll (file missing)
O23 - Service: tjk8rla0zxexp - Unknown owner - C:\WINDOWS\system32\systs.exe
Close all windows including browser and press fix checked.
Reboot.
Make your hidden & system files visible -> http://www.xtra.co.nz/help/0,,4155-1916458,00.html
You can re-hide them again after you're clean
Delete these:
C:\WINDOWS\system32\unykyzmh.dll
C:\WINDOWS\system32\aunkbtwd.dll
C:\WINDOWS\system32\systs.exe
C:\WINDOWS\system32\skvpsmwh.exe
C:\WINDOWS\system32\akdkgpzx.dll
C:\WINDOWS\system32\kusqvfjb.exe
C:\WINDOWS\system32\iwiziijd.dll
C:\WINDOWS\system32\ieoxvmjl.dll
C:\WINDOWS\system32\isueenpp.exe
C:\WINDOWS\system32\ifspxgie.dll
C:\WINDOWS\system32\ftedgtmg.exe
C:\WINDOWS\system32\ddfrxwkb.exe
C:\WINDOWS\system32\fidhndky.dll
C:\WINDOWS\system32\bjkawuma.exe
C:\WINDOWS\system32\orkcvhrr.dll
C:\WINDOWS\system32\bmtefpbf.exe
C:\WINDOWS\system32\lqxpjdxs.exe
C:\WINDOWS\system32\lefvthis.exe
C:\WINDOWS\system32\ylevlayd.exe
C:\WINDOWS\system32\byhvqkgr.exe
C:\sugpw.exe
Empty Recycle Bin
Re-run combofix
Post:
- a fresh hijackthis log
- combofix report
OK, shaba. I have done what you asked.
I am ready to run combofix & hijackthis but first I would like to ask you something. While deleting those files in the System32 folder, I also noticed that all dll files also has a dllbox file.
E.g. C:\WINDOWS\system32\unykyzmh.dllbox
and also C:\sugpw.exe~ which is separate from sugpw.exe which I have deleted as you requested.
Should I delete all these also?
Thanks for helping me with this, Shaba
Here are reports: (Are things looking better? :fear:)
HIJACKTHIS
==========
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:00 AM, on 10/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\Program Files\j2 Messenger 4.2\J2GTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\Aspirex1.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6E333001-C05F-408C-9AB3-BC7A855AF8FC} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [pccguide.exe] C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [j2 4.2] "C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: j2 4.2.lnk = C:\Program Files\j2 Messenger 4.2\J2GTray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - WWW Prefix:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
--
End of file - 4765 bytes
COMBOFIX
========
ComboFix 07-10-17.8@ - XP 2007-10-23 10:51:21.5 - NTFSx86
Script execution time was exceeded on script "C:\ComboFix\osid.vbs".
Script execution was terminated.
Running from: C:\Documents and Settings\XP\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-09-23 to 2007-10-23 )))))))))))))))))))))))))))))))
.
2007-10-19 15:06 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-19 11:59 32,768 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-10-19 11:42 <DIR> d-------- C:\VundoFix Backups
2007-10-18 15:12 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-18 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-18 15:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-18 11:32 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2007-10-17 20:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-17 17:38 <DIR> d-------- C:\WINDOWS\pss
2007-10-16 10:11 <DIR> d-------- C:\Program Files\Free Download Manager
2007-10-16 10:11 <DIR> d-------- C:\Documents and Settings\XP\Application Data\Free Download Manager
2007-10-15 10:39 8,192 --a--c--- C:\WINDOWS\system32\dllcache\changer.sys
2007-10-15 10:39 106 --ahs---- C:\WINDOWS\system32\340418025.dat
2007-10-13 17:40 94,208 --a------ C:\WINDOWS\unvise32qt.exe
2007-10-13 17:39 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-10-13 17:39 <DIR> d-------- C:\Program Files\QuickTime
2007-10-13 17:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-18 10:34 --------- d-----w C:\Program Files\Trend Micro
2007-10-16 09:04 --------- d-----w C:\Program Files\Infogrames Interactive
2007-10-16 09:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-14 15:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trend Micro
2007-05-14 14:26 1,622 ----a-w C:\Program Files\INSTALL.LOG
2001-09-28 09:00 171,520 ----a-w C:\Program Files\UNWISE.EXE
.
((((((((((((((((((((((((((((( snapshot@2007-10-20_18.24.38.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-10-20 10:19:37 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-10-23 02:38:33 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2007-10-20 10:19:37 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-10-23 02:38:33 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-10-20 10:19:37 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-10-23 02:38:33 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E333001-C05F-408C-9AB3-BC7A855AF8FC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pccguide.exe"="C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe" [2006-08-25 11:25]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-13 17:40]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"j2 4.2"="C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" [2006-07-15 04:03]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE"="C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe" [2006-08-18 13:06]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2005-01-07 08:00]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
j2 4.2.lnk - C:\Program Files\j2 Messenger 4.2\J2GTray.exe [2006-09-27 13:52:37]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-09-14 00:25:15]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1783a936-47e0-11db-b4cb-806d6172696f}]
AutoRun\command - E:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68162f83-4341-11db-8f27-806d6172696f}]
AutoRun\command - E:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b0aef79-49f6-11db-b4d6-98d035f3ea85}]
AutoRun\command - F:\autorun.exe
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-23 10:56:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-10-23 10:59:05
C:\ComboFix2.txt ... 2007-10-22 15:31
C:\ComboFix3.txt ... 2007-10-20 18:27
.
--- E O F ---
Hi
Yes, they are :)
Please do an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/downloads/kws/kavwebscan.html). You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:
o Scan using the following Anti-Virus database:
+ Extended (If available otherwise Standard)
o Scan Options:
+ Scan Archives
+ Scan Mail Bases
Click OK
Now under select a target to scan select My Computer
The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button
Save the file to your desktop.
Copy and paste that information in your next post.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
Post:
- a fresh HijackThis log
- kaspersky report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:14:00 PM, on 10/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\Program Files\j2 Messenger 4.2\J2GTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\Aspirex1.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6E333001-C05F-408C-9AB3-BC7A855AF8FC} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [pccguide.exe] C:\PROGRA~1\TRENDM~1\INTERN~2\pccguide.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [j2 4.2] "C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe" /R
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: j2 4.2.lnk = C:\Program Files\j2 Messenger 4.2\J2GTray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - WWW Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcScnSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
--
End of file - 4947 bytes
My Kaspersky report is over several posts due to its length:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, October 23, 2007 7:12:58 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 23/10/2007
Kaspersky Anti-Virus database records: 443070
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 170754
Number of viruses found: 15
Number of infected objects: 8400
Number of suspicious objects: 0
Duration of the scan process: 02:06:33
Infected Object Name / Virus Name / Last Action
C:\!KillBox\unykyzmh.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.h skipped
C:\BJPrinter\CNMWINDOWS\Canon i255 Installer\Driver2\CNMPV.EXE Infected: Virus.Win32.Virut.ae skipped
C:\BJPrinter\CNMWINDOWS\Canon i255 Installer\Driver2\CNMQUEUE.EXE Infected: Virus.Win32.Virut.ae skipped
C:\BJPrinter\CNMWINDOWS\Canon i255 Installer\Driver2\CNMSMSD.EXE Infected: Virus.Win32.Virut.ae skipped
C:\BJPrinter\CNMWINDOWS\Canon i255 Installer\Driver2\CNMSTMN.EXE Infected: Virus.Win32.Virut.ae skipped
C:\BJPrinter\CNMWINDOWS\Canon i255 Installer\Inst2\helpkicker.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\All Users\Application Data\Trend Micro\OE\auhome\patch.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\lb31wda3.default\cert8.db Object is locked skipped
C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\lb31wda3.default\history.dat Object is locked skipped
C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\lb31wda3.default\key3.db Object is locked skipped
C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\lb31wda3.default\parent.lock Object is locked skipped
C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\lb31wda3.default\search.sqlite Object is locked skipped
C:\Documents and Settings\XP\Application Data\Mozilla\Firefox\Profiles\lb31wda3.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\XP\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\XP\Desktop\cwshredder.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\Desktop\KillBox.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\Desktop\utorrent.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\Desktop\VundoFix.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Mozilla\Firefox\Profiles\lb31wda3.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Mozilla\Firefox\Profiles\lb31wda3.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Mozilla\Firefox\Profiles\lb31wda3.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Mozilla\Firefox\Profiles\lb31wda3.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\XP\Local Settings\Application Data\Mozilla\Firefox\Profiles\lb31wda3.default\XUL.mfl Object is locked skipped
C:\Documents and Settings\XP\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\XP\Local Settings\Temp\Free Download Manager\tic8E.tmp Object is locked skipped
C:\Documents and Settings\XP\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\XP\My Documents\install.exe~ Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\My Documents\New Folder\Bible\healing2(1).exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\My Documents\New Folder\Bible\healing2.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\My Documents\New Folder\Bible\prayer.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\My Documents\New Folder\chktrust.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\My Documents\New Folder\ebks\ftssite\ebook\EbookBuilder4.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\My Documents\New Folder\ebks\ftssite\ebook\ebookcover\uninstal.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\My Documents\New Folder\ebks\ftssite\ebook\WebsiteEbooksRebrander.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\My Documents\New Folder\ebks\impact-popup.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\My Documents\New Folder\ebks\javamachine1.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\My Documents\New Folder\ebks\PDFBrand.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\My Documents\New Folder\ebks\RARebook\MORE_REPORTS\BULKEMAILPROGRAM\STEALTH.EXE Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\My Documents\New Folder\ebks\RARebook\MORE_REPORTS\GOV_AUCTION_INSIDER_S_GUIDE\SNIPES.EXE Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\My Documents\New Folder\imarketingC\dna.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\My Documents\New Folder\imarketingC\domains2dollars\CDROMs\iper3pro\Eng\client\f\eBooksWriterFREE_e.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\My Documents\New Folder\imarketingC\domains2dollars\CDROMs\iper3pro\Eng\client\f\EbookUtils\eBooksReader_e.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\My Documents\New Folder\imarketingC\domains2dollars\CDROMs\iper3pro\Eng\client\f\EbookUtils\SfxEbkE.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\My Documents\New Folder\imarketingC\domains2dollars\CDROMs\iper3pro\Eng\client\f\MiDeinst.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\My Documents\New Folder\imarketingC\ezyads-rebrand.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\My Documents\New Folder\imarketingC\howsellwebsite\howsoldsite.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\My Documents\rgbc\CompactDraw V1.03 Reg-Maker.exe Infected: Virus.Win32.Virut.ae skipped
C:\Documents and Settings\XP\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\XP\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig708\ENU_\setup.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig708\ENU__\setup.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig709\ENU\setup.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Ahead\CoverDesigner\CoverDes.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Ahead\ImageDrive\ImageDrive.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Ahead\Nero\nero.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Ahead\Nero\NeroCmd.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Ahead\Nero\Uninstall\UNNero.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Ahead\Nero BackItUp\BackItUp.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Ahead\Nero BackItUp\NBR.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Ahead\Nero SoundTrax\SoundTrax.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Ahead\Nero Toolkit\CDSpeed.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Ahead\Nero Toolkit\DriveSpeed.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Ahead\Nero Toolkit\InfoTool.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Ahead\Nero Wave Editor\DXEnum.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Ahead\Nero Wave Editor\WaveEdit.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Ahead\WMPBurn\WMPBurn.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Alcohol Soft\Alcohol 120\Patch.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Analog Devices\SoundMAX\AEEnable.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Analog Devices\SoundMAX\DLSLoader.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Analog Devices\SoundMAX\install.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Analog Devices\SoundMAX\RemADI.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Analog Devices\SoundMAX\Remove.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Analog Devices\SoundMAX\SMAgentI.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Analog Devices\SoundMAX\SMAgentX.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Analog Devices\SoundMAX\_iscppr.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Common Files\Ahead\Lib\specialoffer.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Domain Finder Full\DomainFinderFull.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\everGirl Photo Manager\Photags.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\everGirl Photo Manager\PTGetVideoFrame.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\everGirl Photo Manager\PTWebCam.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\everGirl Photo Manager\Setup.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\everGirl Photo Manager\VCDTools\jpeg2yuv.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\everGirl Photo Manager\VCDTools\mpeg2enc.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\everGirl Photo Manager\VCDTools\mplex.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\everGirl Photo Manager\VCDTools\PTCueBurn.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\everGirl Photo Manager\VCDTools\PTMpegEncode.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\everGirl Photo Manager\VCDTools\PTVCDPrepare.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\everGirl Photo Manager\VCDTools\vcdimager.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\everGirl Photo Manager\VCDTools\vcdxbuild.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Free Download Manager\Updater.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Impact PopUp\ImpactPopup.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Infogrames Interactive\Civilization III\Civ3Edit.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\InstallShield Installation Information\{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}\Setup.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\InstallShield Installation Information\{8B4AB829-DFD3-436D-B808-D9733D76C590}\Setup.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\Setup.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Internet Explorer\Connection Wizard\icwconn2.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Internet Explorer\Connection Wizard\icwrmind.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Internet Explorer\Connection Wizard\icwtutor.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Internet Explorer\Connection Wizard\inetwiz.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Internet Explorer\Connection Wizard\isignup.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Internet Explorer\iedw.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Internet Explorer\IEXPLORE.EXE Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\j2 Messenger 4.2\J2GDllCmd.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\j2 Messenger 4.2\J2GMail.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\j2 Messenger 4.2\J2GMailWiz.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\j2 Messenger 4.2\J2GPBook.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\j2 Messenger 4.2\J2GPfcOle.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\j2 Messenger 4.2\J2GPlus.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\j2 Messenger 4.2\J2GTray.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Macromedia\Dreamweaver MX\JVM\bin\java.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Macromedia\Dreamweaver MX\JVM\bin\javac.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Macromedia\Dreamweaver MX\JVM\bin\javaw.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Macromedia\Dreamweaver MX\JVM\bin\keytool.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Macromedia\Dreamweaver MX\JVM\bin\policytool.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Macromedia\Dreamweaver MX\JVM\bin\rmid.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Macromedia\Dreamweaver MX\JVM\bin\rmiregistry.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Macromedia\Dreamweaver MX\JVM\bin\tnameserv.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Macromedia\Extension Manager\Extension Manager.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Macromedia\Extension Manager\Replace.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Mars\MR97310\DPInst.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Messenger\msmsgs.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Movie Maker\moviemk.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\MSN\MSNIA\msniasvc.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\MSN\MSNIA\prestp.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\MSN\MsnInstaller\msninst.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\MSN Gaming Zone\Windows\Rvsezm.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\MSN Gaming Zone\Windows\shvlzm.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\MSN Gaming Zone\Windows\zClientm.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\NetMeeting\cb32.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\NetMeeting\conf.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\NetMeeting\wb32.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Outlook Express\msimn.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Outlook Express\oemig50.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Outlook Express\setup50.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Outlook Express\wab.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Outlook Express\wabmig.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\QuickTime\QTInfo.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\QuickTime\qttask.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\QuickTime\QuickTimeUpdater.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\HijackThis\Aspirex.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\HijackThis\Aspirex1.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\drivers\CfwDriver\ncfg.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\drivers\MbdDriver\Install.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\drivers\TdiDriver\tdiins.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\PCCBrows.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\PccEULA.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\PccHCMS.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\pcclient.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\PccLog.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\pccmain.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\PcCmdCom.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\PcCmdIM.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\PccRBMsg.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\PCCTool.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\PccUpdUI.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\PCCVScan.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\PcFstStr.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\282.tmp Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\2F7.tmp Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\A7.tmp Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\B.tmp Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Program Files\Trend Micro\Internet Security 2007\Quarantine\BB.tmp Infected: Trojan-Downloader.Win32.Tiny.id skipped
C:\Program Files\Trend Micro\Internet Security 2007\remove.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\Temp\aupcc\product\PcCtlCom.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\Temp\aupcc\product\TMAS_OE\TMAS_OE.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\Temp\aupcc\TscEngine\tsc.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_Det.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\auhome\patch.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OE.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEImp.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_WM.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_WMImp.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_WMMon.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OL\auhome\patch.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OL\TMAS_OL.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OL\TMAS_OLImp.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OL\TMAS_OLSentry.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\Tmntsrv.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\TMOAgent.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\TmPfw.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\tmproxy.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\TRIALMSG.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\Internet Security 2007\TSC.EXE Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Autorun.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\HtmlView.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\PCCBrows.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\PccEULA.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\pccguide.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\PccHCMS.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\PCClient.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\PccLog.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\pccmain.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\PcCmdCom.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\PcCmdIM.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\PccRBMsg.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\PcCtlCom.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\PCCTool.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\PccUpdUI.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\PCCVScan.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\PcFstStr.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\PcScnSrv.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\remove.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\TMAS_Det.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\Tmntsrv.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\TMOAgent.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\TmPfw.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\tmproxy.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\TRIALMSG.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\Module\TSC.EXE Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\setup.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\System32\drivers\im\ncfg.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\System32\drivers\Install.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Setup\System32\drivers\tdiins.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Tools\ncfg.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Trend Micro\TIS15_1329\Tools\PCCTool.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Ubisoft\Blue Byte\THE SETTLERS - Heritage of Kings\bin\settlershok.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Ubisoft\Blue Byte\THE SETTLERS - Heritage of Kings\Support\Detection\s5detection.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Ubisoft\Blue Byte\THE SETTLERS - Heritage of Kings\Support\Register\RegistrationReminder.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\UNWISE.EXE Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Web CEO\BIN\gbak.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Web CEO\BIN\wceodbm.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Web CEO\BIN\webceo.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Windows Media Player\migrate.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Windows Media Player\mplayer2.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Windows Media Player\setup_wm.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Windows Media Player\wmplayer.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Windows NT\Accessories\wordpad.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Windows NT\dialer.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Windows NT\hypertrm.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\Windows NT\Pinball\PINBALL.EXE Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\WinRAR\Rar.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\WinRAR\RarExtLoader.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\WinRAR\Uninstall.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\WinRAR\UnRAR.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\WinRAR\WinRAR.exe Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\WinZip\WINZIP32.EXE Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\WinZip\WZMSG.EXE Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\WinZip\WZQKPICK.EXE Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\WinZip\WZSEPE32.EXE Infected: Virus.Win32.Virut.ae skipped
C:\Program Files\WS_FTP\WS_FTP95.exe Infected: Virus.Win32.Virut.ae skipped
C:\qoobox\Quarantine\C\Program Files\Hammer.dll.vir Infected: not-a-virus:AdWare.Win32.SecToolBar.f skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\drivers\ip6fw.sys.vir Infected: Trojan-Downloader.Win32.Agent.acl skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\nbsfoivs.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aea skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ofdnlmhv.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.aea skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\winrkp32.dll.vir Infected: Trojan.Win32.Dialer.qn skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\wqbvysci.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ady skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\wvimxyxc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ady skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040813.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040814.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040815.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040816.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040817.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040818.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040820.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040821.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040822.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040823.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040824.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040825.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040826.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040827.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040828.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040829.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040830.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040831.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040833.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040834.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040836.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040837.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040838.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040839.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040840.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040841.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040842.EXE Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040843.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040844.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040846.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040847.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040848.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040849.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040850.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040853.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040854.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040855.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040857.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040859.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040860.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040861.EXE Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040862.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040863.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040864.EXE Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040865.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040866.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040867.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040868.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040869.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040870.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040871.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040872.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040873.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040874.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040875.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040876.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040877.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040878.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040879.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040880.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040881.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040882.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040890.EXE Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040905.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040906.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040909.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040910.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040911.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040912.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040913.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040914.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040916.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040917.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040918.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040919.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040920.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040921.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040923.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040926.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040927.EXE Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040930.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040931.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040933.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040934.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040938.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040949.dll Infected: Trojan.Win32.Pakes.su skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040955.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040956.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040957.dll Infected: not-a-virus:AdWare.Win32.SecToolBar.f skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040958.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040959.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040960.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040961.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040963.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040964.exe Infected: Virus.Win32.Virut.ae skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040967.dll Infected: Trojan-Downloader.Win32.Agent.bnm skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040968.sys Infected: Trojan-Downloader.Win32.Agent.bnm skipped
C:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0040969.dll Infected: Trojan-Downloader.Win32.Agent.bnm skipped
O dear!
Shaba, there's still a lot more of the report...:blink:
Shall I go on or is there another way that would be more comvenient for you?
OK. I just figured out that I can attach the Kaspersky txt file here. (Even then I have to zip it due to it's size ~ 2 MB)
Hi
I have very bad news for you :(
You have virut, a file infector which has most likely infected all your executable files.
Practically only way to get rid of it is re-formatting (if you try use some cleaning programs it will infect them,too).
:sad: OK Shaba. I really appreciate your kind help & the time you put into working with me on this.
I would like to save my data files from C: before I reformat. Can you tell me if data files (especially html files) are also affected?
I thought I could save D:, but from Kaspersky's report, it looks like my D: is also infected. Am I correct? Which means I have to re-format the whole harddisk?
Here's a small sample of Kaspersky pertaining to D:
==============================
D:\Bible\e-Sword.exe Infected: Virus.Win32.Virut.ae skipped
D:\Championship Manager 4\cm4.exe Infected: Virus.Win32.Virut.ae skipped
D:\Desktop\utorrent.exe Infected: Virus.Win32.Virut.ae skipped
D:\FaxVoice\messenger.exe Infected: Virus.Win32.Virut.ae skipped
D:\FM2006\fm data editor.exe Infected: Virus.Win32.Virut.ae skipped
D:\New Folder\ebks\ftssite\ebook\EbookBuilder4.exe Infected: Virus.Win32.Virut.ae skipped
D:\Outlook Express\msimn.exe Infected: Virus.Win32.Virut.ae skipped
D:\Outlook Express\oemig50.exe Infected: Virus.Win32.Virut.ae skipped
D:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0042124.exe Infected: Virus.Win32.Virut.ae skipped
D:\System Volume Information\_restore{C05BCDBE-E102-43B6-B0E1-EC47F5803B58}\RP105\A0042127.exe Infected: Virus.Win32.Virut.ae skipped
================================
Hi
All .exe and .scr files are likely infected so you can't save any of those files or you will get immediately re-infected.
But you save eg. pictures, documents and so.
Yes, you will need re-format entire hard disk.
Hi
As this seems to be "resolved", I just give some tips for the future:
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
See this link for a listing of some online & their stand-alone antivirus programs:
Virus, Spyware, and Malware Protection and Removal Resources (http://www.bleepingcomputer.com/forums/topic405.html)
Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
For a tutorial on Firewalls and a listing of some available ones see the link below:
Understanding and Using Firewalls (http://www.bleepingcomputer.com/tutorials/tutorial60.html)
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
Here are some additional utilities that will enhance your safety
IE/Spyad (http://www.spywarewarrior.com/uiuc/resource.htm) <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
Google Toolbar (http://toolbar.google.com/) <= Get the free google toolbar to help stop pop up windows.
Comodo BOCLEAN (http://www.comodo.com/boclean/boclean.html) <= Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)
Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make difference!
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://castlecops.com/postlite7736-.html)
Thanks again Shaba.
I've implemented your suggestions.
Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.
Everyone else please begin a New Topic.