Can Anyone Please Tell Me What To Do?
BitDefender Log File !!!!!
Product : BitDefender Total Security 2008
Version : BitDefender UIScanner v.11
Log date : 21:49:44 22/07/2008
Log path : C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\deep_scan\1216752584_1_02.xml
Scan Paths:
Path0000: C:\
Path0001: \
Path0002: E:\
Path0003: F:\
Scan Options:
Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : Yes
Target selection options:
Scan registry keys : Yes
Scan cookies : Yes
Scan boot sectors : Yes
Scan memory processes : Yes
Scan archives : Yes
Scan runtime packers : Yes
Scan emails : Yes
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions :
Excluded extensions :
Target Processing:
Default action for infected objects : Disinfect
Default action for suspicious objects : None
Default action for hidden objects : None
Scan engines summary:
Number of virus signatures : 1382392
Archive plugins : 43
Email plugins : 6
Scan plugins : 12
Archive plugins : 43
System plugins : 4
Unpack plugins : 7
Overall scan summary:
Scanned items : 352991
Infected items : 91
Suspicious items : 0
Resolved items : 0
Individual viruses found : 8
Scanned directories : 8233
Scanned boot sectors : 12
Scanned archives : 4130
Input-output errors : 29
Scan time : 00:04:06:51
Files per second : 23
Scanned processes summary:
Scanned : 29
Infected : 0
Scanned registry keys summary:
Scanned : 308
Infected : 0
Scanned cookies summary:
Scanned : 0
Infected : 0
Remaining issues:
Object Name / Threat Name / Final Status
E:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP21\A0001579.exe=](Instyler o)=](Instyler Module 11) Adware.Newdotnet.A Infected (no action was possible, file was in an archive)
C:\Documents and Settings\Asd_\Local Settings\Temp\i.dll Packer.Malware.NSAnti.AO Disinfect Failed
[system]=]HKEY_USERS\S-1-5-21-117609710-57989841-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\amva=]C:\WINDOWS\SYSTEM32\AMVO.EXE Packer.Malware.NSAnti.BR Infected
C:\Documents and Settings\Asd_\Local Settings\Temp\kd2.dll Packer.Malware.NSAnti.BR Disinfect Failed
C:\Documents and Settings\Asd_\Local Settings\Temp\m9t.dll Packer.Malware.NSAnti.BR Disinfect Failed
C:\Documents and Settings\Asd_\Local Settings\Temp\nphvz5.dll Packer.Malware.NSAnti.BR Disinfect Failed
C:\Documents and Settings\Asd_\Local Settings\Temp\yedp8.dll Packer.Malware.NSAnti.BR Disinfect Failed
C:\f0.cmd Packer.Malware.NSAnti.BR Disinfect Failed
C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014224.cmd Packer.Malware.NSAnti.BR Disinfect Failed
C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014233.exe Packer.Malware.NSAnti.BR Disinfect Failed
C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014250.dll Packer.Malware.NSAnti.BR Disinfect Failed
C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014251.dll Packer.Malware.NSAnti.BR Disinfect Failed
C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014252.cmd Packer.Malware.NSAnti.BR Disinfect Failed
C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014313.exe Packer.Malware.NSAnti.BR Disinfect Failed
C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014413.dll Packer.Malware.NSAnti.BR Disinfect Failed
C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014419.exe Packer.Malware.NSAnti.BR Disinfect Failed
C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014420.dll Packer.Malware.NSAnti.BR Disinfect Failed
C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014436.dll Packer.Malware.NSAnti.BR Disinfect Failed
C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014437.dll Packer.Malware.NSAnti.BR Disinfect Failed
C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014438.exe Packer.Malware.NSAnti.BR Disinfect Failed
C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014439.cmd Packer.Malware.NSAnti.BR Disinfect Failed
C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014451.exe Packer.Malware.NSAnti.BR Disinfect Failed
C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014452.dll Packer.Malware.NSAnti.BR Disinfect Failed
C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014454.exe Packer.Malware.NSAnti.BR Disinfect Failed
C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014455.dll Packer.Malware.NSAnti.BR Disinfect Failed
C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0014471.exe Packer.Malware.NSAnti.BR Disinfect Failed
C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0014481.cmd Packer.Malware.NSAnti.BR Disinfect Failed
C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015436.dll Packer.Malware.NSAnti.BR Disinfect Failed
C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015437.dll Packer.Malware.NSAnti.BR Disinfect Failed
C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015438.exe Packer.Malware.NSAnti.BR Disinfect Failed
C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015451.exe Packer.Malware.NSAnti.BR Disinfect Failed
C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015452.dll Packer.Malware.NSAnti.BR Disinfect Failed
C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015600.dll Packer.Malware.NSAnti.BR Disinfect Failed
C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015601.dll Packer.Malware.NSAnti.BR Disinfect Failed
C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015603.cmd Packer.Malware.NSAnti.BR Disinfect Failed
C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015610.exe Packer.Malware.NSAnti.BR Disinfect Failed
C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015619.exe Packer.Malware.NSAnti.BR Disinfect Failed
C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015620.dll Packer.Malware.NSAnti.BR Disinfect Failed
C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015662.dll Packer.Malware.NSAnti.BR Disinfect Failed
C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015663.dll Packer.Malware.NSAnti.BR Disinfect Failed
C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015665.cmd Packer.Malware.NSAnti.BR Disinfect Failed
C:\WINDOWS\system32\amvo.exe Packer.Malware.NSAnti.BR Disinfect Failed
C:\WINDOWS\system32\amvo0.dll Packer.Malware.NSAnti.BR Disinfect Failed
C:\WINDOWS\system32\amvo1.dll Packer.Malware.NSAnti.BR Disinfect Failed
C:\ybj8df.exe Packer.Malware.NSAnti.BR Disinfect Failed
\f0.cmd Packer.Malware.NSAnti.BR Disinfect Failed
\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014226.cmd Packer.Malware.NSAnti.BR Disinfect Failed
\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014234.exe Packer.Malware.NSAnti.BR Disinfect Failed
\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014254.cmd Packer.Malware.NSAnti.BR Disinfect Failed
\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014316.exe Packer.Malware.NSAnti.BR Disinfect Failed
\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014441.exe Packer.Malware.NSAnti.BR Disinfect Failed
\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014442.cmd Packer.Malware.NSAnti.BR Disinfect Failed
\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0014474.exe Packer.Malware.NSAnti.BR Disinfect Failed
\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0014482.cmd Packer.Malware.NSAnti.BR Disinfect Failed
\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015440.exe Packer.Malware.NSAnti.BR Disinfect Failed
\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015605.cmd Packer.Malware.NSAnti.BR Disinfect Failed
\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015612.exe Packer.Malware.NSAnti.BR Disinfect Failed
\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015668.cmd Packer.Malware.NSAnti.BR Disinfect Failed
\ybj8df.exe Packer.Malware.NSAnti.BR Disinfect Failed
E:\f0.cmd Packer.Malware.NSAnti.BR Disinfect Failed
E:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014228.cmd Packer.Malware.NSAnti.BR Disinfect Failed
E:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014235.exe Packer.Malware.NSAnti.BR Disinfect Failed
E:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014256.cmd Packer.Malware.NSAnti.BR Disinfect Failed
E:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014324.exe Packer.Malware.NSAnti.BR Disinfect Failed
E:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014444.cmd Packer.Malware.NSAnti.BR Disinfect Failed
E:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014445.exe Packer.Malware.NSAnti.BR Disinfect Failed
E:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0014476.exe Packer.Malware.NSAnti.BR Disinfect Failed
E:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0014483.cmd Packer.Malware.NSAnti.BR Disinfect Failed
E:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015442.exe Packer.Malware.NSAnti.BR Disinfect Failed
E:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015607.cmd Packer.Malware.NSAnti.BR Disinfect Failed
E:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015613.exe Packer.Malware.NSAnti.BR Disinfect Failed
E:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015671.cmd Packer.Malware.NSAnti.BR Disinfect Failed
E:\ybj8df.exe Packer.Malware.NSAnti.BR Disinfect Failed
F:\f0.cmd Packer.Malware.NSAnti.BR Disinfect Failed
F:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014230.cmd Packer.Malware.NSAnti.BR Disinfect Failed
F:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014236.exe Packer.Malware.NSAnti.BR Disinfect Failed
F:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014258.cmd Packer.Malware.NSAnti.BR Disinfect Failed
F:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014331.exe Packer.Malware.NSAnti.BR Disinfect Failed
F:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014447.exe Packer.Malware.NSAnti.BR Disinfect Failed
F:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014448.cmd Packer.Malware.NSAnti.BR Disinfect Failed
F:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0014478.exe Packer.Malware.NSAnti.BR Disinfect Failed
F:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0014484.cmd Packer.Malware.NSAnti.BR Disinfect Failed
F:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015445.exe Packer.Malware.NSAnti.BR Disinfect Failed
F:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015609.cmd Packer.Malware.NSAnti.BR Disinfect Failed
F:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015614.exe Packer.Malware.NSAnti.BR Disinfect Failed
F:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015675.cmd Packer.Malware.NSAnti.BR Disinfect Failed
F:\ybj8df.exe Packer.Malware.NSAnti.BR Disinfect Failed
\d\New Folder\57 Cooking E-Books.iso=]autorun.exe Trojan.Generic.316161 Delete Failed (file was in an archive)
\d\New Folder\Cleaning and Stain removal for Dummies.iso=]autorun.exe Trojan.Generic.316161 Delete Failed (file was in an archive)
\d\New Folder\Europe for Dummies 4th Edition.iso=]autorun.exe Trojan.Generic.316161 Delete Failed (file was in an archive)
\d\New Folder\Intermediate Spanish for Dummies.iso=]autorun.exe Trojan.Generic.316161 Delete Failed (file was in an archive)
Resolved issues:
Object Name / Threat Name / Final Status
Objects that were not scanned:
Object Name / Reason / Final Status
\d\New Folder\Arabic Learning Collection\Software\Rosetta Stone Arabic Explorer\Rosetta Stone Arabic Explorer.mdf=]autorun.apm=]amsdata.dat Password-Protected No action was possible
\d\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\01 - Candy Shop.mp3 Password-Protected No action was possible
\d\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\02 - 4 Minutes.mp3 Password-Protected No action was possible
\d\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\03 - Give It 2 Me.mp3 Password-Protected No action was possible
\d\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\04 - Heartbeat.mp3 Password-Protected No action was possible
\d\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\05 - Miles Away.mp3 Password-Protected No action was possible
\d\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\06 - She's Not Me.mp3 Password-Protected No action was possible
\d\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\07 - Incredible.mp3 Password-Protected No action was possible
\d\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\08 - Beat Goes On.mp3 Password-Protected No action was possible
\d\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\09 - Dance 2night.mp3 Password-Protected No action was possible
\d\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\10 - Spanish Lesson.mp3 Password-Protected No action was possible
\d\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\11 - Devil Wouldn't Recognize You.mp3 Password-Protected No action was possible
\d\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\12 - Voices.mp3 Password-Protected No action was possible
\d\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\front.jpg Password-Protected No action was possible
\RECYCLER\S-1-5-21-117609710-57989841-725345543-1003\Dd19.rar=]Stretching For Dummies.rar=]Stretching For Dummies.pdf Password-Protected No action was possible
E:\windows yedek\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\01 - Candy Shop.mp3 Password-Protected No action was possible
E:\windows yedek\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\02 - 4 Minutes.mp3 Password-Protected No action was possible
E:\windows yedek\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\03 - Give It 2 Me.mp3 Password-Protected No action was possible
E:\windows yedek\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\04 - Heartbeat.mp3 Password-Protected No action was possible
E:\windows yedek\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\05 - Miles Away.mp3 Password-Protected No action was possible
E:\windows yedek\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\06 - She's Not Me.mp3 Password-Protected No action was possible
E:\windows yedek\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\07 - Incredible.mp3 Password-Protected No action was possible
E:\windows yedek\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\08 - Beat Goes On.mp3 Password-Protected No action was possible
E:\windows yedek\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\09 - Dance 2night.mp3 Password-Protected No action was possible
E:\windows yedek\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\10 - Spanish Lesson.mp3 Password-Protected No action was possible
E:\windows yedek\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\11 - Devil Wouldn't Recognize You.mp3 Password-Protected No action was possible
E:\windows yedek\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\12 - Voices.mp3 Password-Protected No action was possible
E:\windows yedek\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\front.jpg Password-Protected No action was possible
Comments
-
First of all, disable System Restore!
Download ComboFix from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Then close all running programs, including web browser, instant messenger, etc., and then run ComboFix.
It will ask you whether it should start cleaning or not. Press 1 and hit Enter. Don't stop it while running. While doing this your screen may disappear but don't worry, it's a normal behaviour.
At the end ComboFix will generate a log file. Save it and post it here.
-
Hi, thank you very much for your help. I did exactly as you told me, but I left BitDefender open during the process. And before booting the computer, BitDefender asked me if I should allow some Windows registry... those were programs from the startup, so I allowed them. Do you think this spoils the process? Otherwise, here's the log report.
Thank you, and please tell me if I should do anything else.
ComboFix 08-07-28.6 - Asd_ 2008-07-29 20:45:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.902 [GMT 3:00]
Running from: C:\Documents and Settings\Asd_\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\1rfw8hjr.com
C:\autorun.inf
C:\WINDOWS\system32\ckvo.exe
C:\WINDOWS\system32\ckvo0.dll
\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-29 )))))))))))))))))))))))))))))))
.
2008-07-22 22:02 . 2008-07-22 09:28 116,906 -r-hs---- C:\e9ehn1m8.com
2008-07-20 23:32 . 2008-07-29 20:52 121 --a------ C:\WINDOWS\bdagent.INI
2008-07-20 19:02 . 2008-07-20 19:02 <DIR> d-------- C:\Documents and Settings\Asd_\Application Data\BitDefender
2008-07-20 18:59 . 2008-07-20 19:00 <DIR> d-------- C:\Program Files\BitDefender
2008-07-20 18:59 . 2008-07-20 19:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-07-20 18:54 . 2008-07-20 19:00 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-07-20 00:54 . 2008-07-29 20:28 79,360 -r-hs---- C:\WINDOWS\system32\ckvo1.dll
2008-07-19 21:08 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-07-19 21:08 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-07-19 20:16 . 2008-07-19 20:16 <DIR> d-------- C:\Program Files\Avanquest update
2008-07-19 20:16 . 2008-07-19 20:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-07-19 20:14 . 2008-07-19 20:14 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-07-19 20:14 . 2008-07-19 20:14 <DIR> d-------- C:\Documents and Settings\Asd_\Application Data\InstallShield
2008-07-19 20:14 . 2008-07-19 20:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-07-14 16:16 . 2008-07-14 16:16 <DIR> d-------- C:\Program Files\Microsoft Reader
2008-07-14 16:16 . 2008-07-19 20:16 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-07-14 16:16 . 2003-06-05 17:15 57,436 --a------ C:\WINDOWS\DASShp.dll
2008-07-14 16:15 . 2008-07-14 16:16 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-07-11 00:02 . 2008-07-11 00:02 50,200 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-07-10 23:42 . 2008-07-11 01:01 <DIR> d-------- C:\Documents and Settings\Asd_\Application Data\mIRC
2008-07-02 23:15 . 2008-07-02 23:15 <DIR> d-------- C:\Program Files\TimeAdjuster
2008-07-02 22:12 . 2008-07-02 22:12 <DIR> d-------- C:\Program Files\URUSoft
2008-07-02 22:01 . 2008-07-02 22:01 <DIR> d-------- C:\Program Files\POP Software
2008-06-30 01:41 . 2008-06-30 01:43 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-29 14:43 . 2008-06-29 23:28 <DIR> d-------- C:\divx
2008-06-29 14:29 . 2008-06-29 14:29 <DIR> d-------- C:\Program Files\iTunes
2008-06-29 14:29 . 2008-06-29 14:29 <DIR> d-------- C:\Program Files\iPod
2008-06-29 14:29 . 2008-06-29 14:29 <DIR> d-------- C:\Documents and Settings\Asd_\Application Data\Apple Computer
2008-06-29 14:28 . 2008-06-29 14:28 <DIR> d-------- C:\Program Files\Bonjour
2008-06-29 14:27 . 2008-06-29 14:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-29 13:47 . 2008-06-29 13:47 <DIR> d-------- C:\Program Files\Apple Software Update
2008-06-29 13:46 . 2008-06-29 13:46 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-06-29 13:46 . 2008-06-29 13:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-29 17:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Babylon
2008-07-29 17:52 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-07-29 17:52 5,708 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-29 17:52 434,208 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-29 17:52 3,071,520 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-29 17:52 28,220 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-29 17:38 --------- d-----w C:\Documents and Settings\Asd_\Application Data\Babylon
2008-07-29 17:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-07-27 15:50 77,824 ----a-w C:\WINDOWS\system32\xcomm.dll
2008-07-20 18:07 86,792 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-07-20 15:45 --------- d-----w C:\Documents and Settings\Asd_\Application Data\uTorrent
2008-07-20 07:10 --------- d-----w C:\Program Files\uTorrent
2008-06-29 08:38 --------- d-----w C:\Program Files\Sipru
2008-06-28 18:22 --------- d-----w C:\Documents and Settings\Asd_\Application Data\DivX
2008-06-25 06:05 --------- d-----w C:\Documents and Settings\Asd_\Application Data\vlc
2008-06-25 05:07 --------- d-----w C:\Program Files\VideoLAN
2008-06-25 04:59 --------- d-----w C:\Program Files\DivX
2008-06-23 17:29 --------- d-----w C:\Documents and Settings\Asd_\Application Data\Media Player Classic
2008-06-17 06:51 96,966 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-06-17 06:51 88,774 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-06-17 06:32 --------- d-----w C:\Program Files\Kaspersky Lab
2008-06-17 06:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-08 21:33 --------- d-----w C:\Program Files\Java
2008-06-08 21:30 --------- d-----w C:\Program Files\Common Files\Java
2008-06-08 21:14 --------- d-----w C:\Program Files\myBabylon
2008-06-08 21:14 --------- d-----w C:\Program Files\Conduit
2008-06-08 21:13 --------- d-----w C:\Program Files\Babylon
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:22 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-05-22 22:22 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-05-22 22:22 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-22 14:48 37,888 ----a-w C:\WINDOWS\system32\setupnt.dll
2008-05-22 14:48 126,976 ----a-w C:\WINDOWS\system32\snapapi.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "C:\Program Files\myBabylon\tbmyBa.dll" [2008-02-14 14:54 1555480]
[HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
2008-02-14 14:54 1555480 --a------ C:\Program Files\myBabylon\tbmyBa.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "C:\Program Files\myBabylon\tbmyBa.dll" [2008-02-14 14:54 1555480]
[HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{34EA1C70-42CC-42C5-AA29-EC58B95A343E}"= "C:\Program Files\myBabylon\tbmyBa.dll" [2008-02-14 14:54 1555480]
[HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 17:19 356352]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis True Image Monitor"="C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe" [2008-05-22 17:48 417431]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-05-22 17:48 61440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 18:21 201992]
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2008-03-11 09:23 3551456]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-07-20 19:14 368640]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2008-07-20 19:14 61440]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\d\\eMule\\emule.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-07-20 21:07]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{419ae726-55b6-11dd-b540-000b6a7a0b92}]
\Shell\AutoRun\command - H:\r6r.exe
\Shell\explore\Command - H:\r6r.exe
\Shell\open\Command - H:\r6r.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{419ae727-55b6-11dd-b540-000b6a7a0b92}]
\Shell\AutoRun\command - I:\r6r.exe
\Shell\explore\Command - I:\r6r.exe
\Shell\open\Command - I:\r6r.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{737543aa-3092-11dd-b4fd-000b6a7a0b92}]
\Shell\AutoRun\command - H:\r6r.exe
\Shell\explore\Command - H:\r6r.exe
\Shell\open\Command - H:\r6r.exe
.
Contents of the 'Scheduled Tasks' folder
2008-07-18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
2008-07-29 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-kamsoft - C:\WINDOWS\system32\ckvo.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 -: Microsoft Excel'e Gö&nder - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Translate with &Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O17 -: HKLM\CCS\Interface\{0AF45CB5-825E-4FF4-8FF6-ED8D4A7CD6FF}: NameServer = 192.168.2.1
O16 -: {0FC8B38E-9293-424C-9D0E-CE60775679CF} - hxxps://sube.garanti.com.tr/lib/JaguarEditControl.CAB
C:\WINDOWS\Downloaded Program Files\JaguarEditControl.INF
C:\WINDOWS\Downloaded Program Files\JaguarEditControl.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-29 20:54:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"Acronis True Image Monitor"="\"C:\\Program Files\\Acronis\\TrueImage\\TrueImageMonitor.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-07-29 20:58:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-29 17:58:03
Pre-Run: 95,734,710,272 bytes free
Post-Run: 96,478,560,256 bytes free
Hello mustafaazizoglu,
Please do this: press the Windows key together with R, then type this:
regsvr32 -u "C:\WINDOWS\system32\ckvo1.dll"
and press Enter.
Please open WordPad and type this:
File::
C:\e9ehn1m8.com
C:\WINDOWS\system32\ckvo1.dll
Save the file as CFScript.txt on your desktop.
Please drag and drop CFScript.txt onto the ComboFix icon.
Reboot your PC if asked and post a new ComboFix log.
After that, also download Flash Disinfector, which you can find here. Please attach all your USB devices, then double-click on Flash Disinfector to run it.
Kind regards,
Niels
Hi Niels,
Thank you very much for your help, but when I typed what you said, it says:
LoadLibrary("C:\WINDOWS\system32\ckvo1.dll") failed. Access is denied. So I didn't follow suit. What should I do?
Best regards,
Mustafa
Hello mustafaazizoglu,
Just follow the rest of my instructions. Please do this also, so BitDefender will be able to detect the infections you had. Click on Start, My Computer, and double-click on the icon of the hard disk where you store your software. You will see a folder called QooBox; open the Quarantine subfolder. You will see subfolders; please archive the contents of these folders. But first you need to rename the files that look like this:
blabla.dll.vir Rename them and remove .vir, and confirm the Windows warning. If you don't see .vir, please do this once you are in the Quarantine folder or its subfolders: go to the Tools menu, Folder Options, click on the View tab, uncheck "Hide extensions for known file types", and press Apply and OK to confirm.
For how to do that, follow the instructions in this topic. Follow the instructions that are in post 2. After you have done that, please make a new topic in this forum section. Adding an attachment is very easy: once you are in the screen for creating a topic or reply, just scroll down and you will see a section called Attachments. Press Browse and navigate to the location of your archive, press Open and then press Upload. There is a 2 MB file upload limit.
Kind regards,
Niels
Hi Niels,
Here's the ComboFix log report:
I'll do the other instructions now. Thank you.
ComboFix 08-07-28.6 - Asd_ 2008-08-01 1:00:43.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.899 [GMT 3:00]
Running from: C:\Documents and Settings\Asd_\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Asd_\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-31 )))))))))))))))))))))))))))))))
.
2008-07-20 23:32 . 2008-08-01 01:05 121 --a------ C:\WINDOWS\bdagent.INI
2008-07-20 19:02 . 2008-07-20 19:02 <DIR> d-------- C:\Documents and Settings\Asd_\Application Data\BitDefender
2008-07-20 18:59 . 2008-07-20 19:00 <DIR> d-------- C:\Program Files\BitDefender
2008-07-20 18:59 . 2008-07-20 19:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-07-20 18:54 . 2008-07-20 19:00 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-07-20 00:54 . 2008-07-29 20:28 79,360 -r-hs---- C:\WINDOWS\system32\ckvo1.dll
2008-07-19 21:08 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-07-19 21:08 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-07-19 20:16 . 2008-07-19 20:16 <DIR> d-------- C:\Program Files\Avanquest update
2008-07-19 20:16 . 2008-07-19 20:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-07-19 20:14 . 2008-07-19 20:14 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-07-19 20:14 . 2008-07-19 20:14 <DIR> d-------- C:\Documents and Settings\Asd_\Application Data\InstallShield
2008-07-19 20:14 . 2008-07-19 20:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-07-14 16:16 . 2008-07-14 16:16 <DIR> d-------- C:\Program Files\Microsoft Reader
2008-07-14 16:16 . 2008-07-19 20:16 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-07-14 16:16 . 2003-06-05 17:15 57,436 --a------ C:\WINDOWS\DASShp.dll
2008-07-14 16:15 . 2008-07-14 16:16 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-07-11 00:02 . 2008-07-11 00:02 50,200 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-07-10 23:42 . 2008-07-11 01:01 <DIR> d-------- C:\Documents and Settings\Asd_\Application Data\mIRC
2008-07-02 23:15 . 2008-07-02 23:15 <DIR> d-------- C:\Program Files\TimeAdjuster
2008-07-02 22:12 . 2008-07-02 22:12 <DIR> d-------- C:\Program Files\URUSoft
2008-07-02 22:01 . 2008-07-02 22:01 <DIR> d-------- C:\Program Files\POP Software
2008-06-30 01:41 . 2008-06-30 01:43 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-29 14:43 . 2008-06-29 23:28 <DIR> d-------- C:\divx
2008-06-29 14:29 . 2008-06-29 14:29 <DIR> d-------- C:\Program Files\iTunes
2008-06-29 14:29 . 2008-06-29 14:29 <DIR> d-------- C:\Program Files\iPod
2008-06-29 14:29 . 2008-06-29 14:29 <DIR> d-------- C:\Documents and Settings\Asd_\Application Data\Apple Computer
2008-06-29 14:28 . 2008-06-29 14:28 <DIR> d-------- C:\Program Files\Bonjour
2008-06-29 14:27 . 2008-06-29 14:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-29 13:47 . 2008-06-29 13:47 <DIR> d-------- C:\Program Files\Apple Software Update
2008-06-29 13:46 . 2008-06-29 13:46 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-06-29 13:46 . 2008-06-29 13:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-28 21:20 . 2008-07-27 18:39 <DIR> d-------- C:\Temp
2008-06-25 09:05 . 2008-06-25 09:05 <DIR> d-------- C:\Documents and Settings\Asd_\Application Data\vlc
2008-06-25 08:07 . 2008-06-25 08:07 <DIR> d-------- C:\Program Files\VideoLAN
2008-06-25 08:00 . 2008-06-28 21:22 <DIR> d-------- C:\Documents and Settings\Asd_\Application Data\DivX
2008-06-25 07:58 . 2008-06-25 07:59 <DIR> d-------- C:\Program Files\DivX
2008-06-25 07:58 . 2008-05-23 01:22 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-06-25 07:58 . 2008-05-23 01:22 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-06-25 07:58 . 2008-05-23 01:22 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-06-25 07:58 . 2008-05-23 01:22 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-06-25 07:58 . 2008-05-23 01:22 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-06-25 07:41 . 2008-06-29 11:38 <DIR> d-------- C:\Program Files\Sipru
2008-06-23 20:29 . 2008-06-23 20:29 <DIR> d-------- C:\Documents and Settings\Asd_\Application Data\Media Player Classic
2008-06-22 19:33 . 2008-07-20 10:10 <DIR> d-------- C:\Program Files\uTorrent
2008-06-22 19:33 . 2008-07-20 18:45 <DIR> d-------- C:\Documents and Settings\Asd_\Application Data\uTorrent
2008-06-17 09:51 . 2008-07-15 23:26 268 --ah----- C:\sqmdata19.sqm
2008-06-17 09:51 . 2008-07-15 23:26 244 --ah----- C:\sqmnoopt19.sqm
2008-06-17 09:43 . 2008-07-14 15:49 268 --ah----- C:\sqmdata18.sqm
2008-06-17 09:43 . 2008-07-14 15:49 244 --ah----- C:\sqmnoopt18.sqm
2008-06-17 09:34 . 2008-08-01 00:55 268 --ah----- C:\sqmdata17.sqm
2008-06-17 09:34 . 2008-08-01 00:55 244 --ah----- C:\sqmnoopt17.sqm
2008-06-17 09:33 . 2008-06-17 09:51 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-17 09:33 . 2008-06-17 09:51 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-17 09:32 . 2008-06-17 09:32 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-06-17 09:32 . 2008-08-01 00:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-17 09:32 . 2008-08-01 00:53 3,071,520 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-17 09:32 . 2008-08-01 00:53 442,400 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-17 09:32 . 2008-08-01 00:53 28,220 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-17 09:32 . 2008-08-01 00:53 5,736 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-17 09:31 . 2008-06-17 09:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-15 18:47 . 2008-07-31 23:24 268 --ah----- C:\sqmdata16.sqm
2008-06-15 18:47 . 2008-07-31 23:24 244 --ah----- C:\sqmnoopt16.sqm
2008-06-15 11:33 . 2008-07-30 21:07 268 --ah----- C:\sqmdata15.sqm
2008-06-15 11:33 . 2008-07-30 21:07 244 --ah----- C:\sqmnoopt15.sqm
2008-06-14 18:42 . 2008-07-29 20:55 268 --ah----- C:\sqmdata14.sqm
2008-06-14 18:42 . 2008-07-29 20:55 244 --ah----- C:\sqmnoopt14.sqm
2008-06-14 11:21 . 2008-07-29 20:28 268 --ah----- C:\sqmdata13.sqm
2008-06-14 11:21 . 2008-07-29 20:28 244 --ah----- C:\sqmnoopt13.sqm
2008-06-13 18:02 . 2008-07-28 20:44 268 --ah----- C:\sqmdata12.sqm
2008-06-13 18:02 . 2008-07-28 20:44 244 --ah----- C:\sqmnoopt12.sqm
2008-06-13 11:14 . 2008-07-28 20:19 268 --ah----- C:\sqmdata11.sqm
2008-06-13 11:14 . 2008-07-28 20:19 244 --ah----- C:\sqmnoopt11.sqm
2008-06-12 20:29 . 2008-07-28 19:59 268 --ah----- C:\sqmdata10.sqm
2008-06-12 20:29 . 2008-07-28 19:59 244 --ah----- C:\sqmnoopt10.sqm
2008-06-11 21:54 . 2008-07-28 00:11 268 --ah----- C:\sqmdata09.sqm
2008-06-11 21:54 . 2008-07-28 00:11 244 --ah----- C:\sqmnoopt09.sqm
2008-06-11 21:06 . 2008-07-27 18:54 268 --ah----- C:\sqmdata08.sqm
2008-06-11 21:06 . 2008-07-27 18:54 244 --ah----- C:\sqmnoopt08.sqm
2008-06-09 00:33 . 2008-06-09 00:33 <DIR> d-------- C:\WINDOWS\Sun
2008-06-09 00:33 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-09 00:32 . 2008-06-09 00:33 <DIR> d-------- C:\Program Files\Java
2008-06-09 00:30 . 2008-06-09 00:30 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-09 00:14 . 2008-06-09 00:14 <DIR> d-------- C:\Program Files\myBabylon
2008-06-09 00:14 . 2008-06-09 00:14 <DIR> d-------- C:\Program Files\Conduit
2008-06-09 00:13 . 2008-06-09 00:13 <DIR> d-------- C:\Program Files\Babylon
2008-06-09 00:13 . 2008-07-29 20:38 <DIR> d-------- C:\Documents and Settings\Asd_\Application Data\Babylon
2008-06-09 00:13 . 2008-08-01 00:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Babylon
2008-06-08 23:17 . 2008-07-27 18:21 268 --ah----- C:\sqmdata07.sqm
2008-06-08 23:17 . 2008-07-27 18:21 244 --ah----- C:\sqmnoopt07.sqm
2008-06-08 17:39 . 2008-07-20 15:36 268 --ah----- C:\sqmdata06.sqm
2008-06-08 17:39 . 2008-07-20 15:36 244 --ah----- C:\sqmnoopt06.sqm
2008-06-07 19:45 . 2008-07-19 18:14 268 --ah----- C:\sqmdata05.sqm
2008-06-07 19:45 . 2008-07-19 18:14 244 --ah----- C:\sqmnoopt05.sqm
2008-06-05 21:42 . 2008-07-18 23:27 268 --ah----- C:\sqmdata04.sqm
2008-06-05 21:42 . 2008-07-18 23:27 244 --ah----- C:\sqmnoopt04.sqm
2008-06-04 23:00 . 2008-07-18 20:19 268 --ah----- C:\sqmdata03.sqm
2008-06-04 23:00 . 2008-07-18 20:19 244 --ah----- C:\sqmnoopt03.sqm
2008-06-02 19:42 . 2008-06-02 22:23 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-06-02 19:28 . 2008-08-01 01:06 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-06-02 19:00 . 2008-07-16 23:39 268 --ah----- C:\sqmdata02.sqm
2008-06-02 19:00 . 2008-07-16 23:39 244 --ah----- C:\sqmnoopt02.sqm
2008-06-02 16:06 . 2008-07-16 01:09 268 --ah----- C:\sqmdata01.sqm
2008-06-02 16:06 . 2008-07-16 01:09 244 --ah----- C:\sqmnoopt01.sqm
2008-06-02 14:08 . 2008-07-27 18:39 116 --a------ C:\WINDOWS\NeroDigital.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-27 15:50 77,824 ----a-w C:\WINDOWS\system32\xcomm.dll
2008-07-20 18:07 86,792 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-22 14:48 37,888 ----a-w C:\WINDOWS\system32\setupnt.dll
2008-05-22 14:48 126,976 ----a-w C:\WINDOWS\system32\snapapi.dll
2008-04-25 15:22 206,088 ----a-w C:\WINDOWS\system32\klogon.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "C:\Program Files\myBabylon\tbmyBa.dll" [2008-02-14 14:54 1555480]
[HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
2008-02-14 14:54 1555480 --a------ C:\Program Files\myBabylon\tbmyBa.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "C:\Program Files\myBabylon\tbmyBa.dll" [2008-02-14 14:54 1555480]
[HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{34EA1C70-42CC-42C5-AA29-EC58B95A343E}"= "C:\Program Files\myBabylon\tbmyBa.dll" [2008-02-14 14:54 1555480]
[HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 17:19 356352]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acronis True Image Monitor"="C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe" [2008-05-22 17:48 417431]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-05-22 17:48 61440]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 18:21 201992]
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2008-03-11 09:23 3551456]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-07-20 19:14 368640]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2008-07-20 19:14 61440]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"D:\\d\\eMule\\emule.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-07-20 21:07]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{419ae726-55b6-11dd-b540-000b6a7a0b92}]
\Shell\AutoRun\command - H:\r6r.exe
\Shell\explore\Command - H:\r6r.exe
\Shell\open\Command - H:\r6r.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{419ae727-55b6-11dd-b540-000b6a7a0b92}]
\Shell\AutoRun\command - I:\r6r.exe
\Shell\explore\Command - I:\r6r.exe
\Shell\open\Command - I:\r6r.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{737543aa-3092-11dd-b4fd-000b6a7a0b92}]
\Shell\AutoRun\command - H:\r6r.exe
\Shell\explore\Command - H:\r6r.exe
\Shell\open\Command - H:\r6r.exe
.
Contents of the 'Scheduled Tasks' folder
2008-07-18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
2008-07-31 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-01 01:06:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"Acronis True Image Monitor"="\"C:\\Program Files\\Acronis\\TrueImage\\TrueImageMonitor.exe\""
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
Completion time: 2008-08-01 1:08:38
ComboFix-quarantined-files.txt 2008-07-31 22:08:18
ComboFix2.txt 2008-07-31 20:39:57
ComboFix3.txt 2008-07-29 17:58:50
Pre-Run: 96,413,945,856 bytes free
Post-Run: 96,408,510,464 bytes free
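The log above carries the indicators a responder would act on first: the MountPoints2 shell handlers that reroute AutoRun, open and explore on the H: and I: volumes to r6r.exe, the Security Center values set to 1 (notifications and the AV check silenced), EnableFirewall = 0 on the standard profile, and a recently created read-only hidden+system DLL in system32 (ckvo1.dll). The following is an added example, not part of the thread and not a BitDefender or ComboFix feature: a small Python triage script that pulls exactly those four indicator classes out of ComboFix-style log lines. The embedded SAMPLE_LOG is constructed for the example and mirrors the posted findings rather than copying the log verbatim, and the regular expressions assume ComboFix's 2008-era line layout.

```python
"""Triage of ComboFix-style log lines. Added example, not a tool from the
thread, BitDefender or ComboFix. SAMPLE_LOG is constructed to mirror the
posted findings; the regexes assume ComboFix's 2008-era line layout."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

# Constructed sample, modelled on the log posted above (not a verbatim copy).
SAMPLE_LOG = r"""
2008-07-20 00:54 . 2008-07-29 20:28 79,360 -r-hs---- C:\WINDOWS\system32\ckvo1.dll
2008-07-19 21:08 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{419ae726-55b6-11dd-b540-000b6a7a0b92}]
\Shell\AutoRun\command - H:\r6r.exe
\Shell\explore\Command - H:\r6r.exe
\Shell\open\Command - H:\r6r.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{419ae727-55b6-11dd-b540-000b6a7a0b92}]
\Shell\AutoRun\command - I:\r6r.exe
"""

KEY_RE = re.compile(r"^\[(.+)\]$")  # [HKEY_...\key] section header
HANDLER_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+)$", re.IGNORECASE)
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')
# "Files Created" rows: created . modified size attrs path; attrs is a 9-char
# flag string in which 'h' = hidden and 's' = system (e.g. -r-hs----).
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+[\d,]+\s+([-a-z]{9})\s+(.+)$"
)


@dataclass
class Findings:
    mountpoint_handlers: List[Tuple[str, str, str]] = field(default_factory=list)  # (guid, verb, target)
    security_center_overrides: List[Tuple[str, int]] = field(default_factory=list)
    firewall_enabled: Optional[bool] = None  # None if the profile key was never seen
    hidden_system_files: List[str] = field(default_factory=list)


def triage(log_text: str) -> Findings:
    """Walk the log once, tracking the current registry key, and collect indicators."""
    f = Findings()
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = FILE_RE.match(line)
        if m:
            # Hidden+system files dropped into system32 are worth a look; legitimate
            # AV data files can carry the same attributes, so this is a triage list.
            attrs, path = m.group(1), m.group(2)
            if "h" in attrs and "s" in attrs and "\\system32\\" in path.lower():
                f.hidden_system_files.append(path)
            continue
        key = current_key.lower()
        if "mountpoints2\\{" in key:
            # Per-volume shell handlers: AutoRun/open/explore all rerouted to one exe
            # is the classic removable-drive worm pattern.
            m = HANDLER_RE.match(line)
            if m:
                guid = current_key.rsplit("\\", 1)[-1]
                f.mountpoint_handlers.append((guid, m.group(1), m.group(2)))
        elif key.endswith("\\security center"):
            # Any non-zero *DisableNotify / *Override value silences Security Center.
            m = DWORD_RE.match(line)
            if m and int(m.group(2), 16) != 0:
                f.security_center_overrides.append((m.group(1), int(m.group(2), 16)))
        elif key.endswith("firewallpolicy\\standardprofile"):
            m = FIREWALL_RE.match(line)
            if m:
                f.firewall_enabled = m.group(1) != "0"
    return f


def autorun_targets(f: Findings) -> Set[str]:
    """Distinct executables the MountPoints2 handlers would launch on double-click."""
    return {target for _, _, target in f.mountpoint_handlers}


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    print("autorun targets:", sorted(autorun_targets(found)))
    print("security center overrides:", found.security_center_overrides)
    print("firewall enabled:", found.firewall_enabled)
    print("hidden+system in system32:", found.hidden_system_files)
```

The hidden+system check is deliberately a triage list rather than a verdict: in the posted log Kaspersky's fidbox.dat files under system32\drivers carry --ahs---- too, which is why the path filter and the creation date matter as much as the attribute bits. The MountPoints2 targets are the part to act on immediately, since every volume GUID listed there will relaunch the worm on the next double-click of that drive until the handlers and the file on the stick are both gone.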
First of all, disable System Restore!
Download ComboFix from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Then close all running programs, including web browser, instant messenger, etc., and then run ComboFix.
It will ask you whether it should start cleaning or not. Press 1 and hit Enter. Don't stop it while it is running. While doing this your screen may disappear, but don't worry, that's normal behaviour.
At the end ComboFix will generate a log file. Save it and post it here.
Hello, I have seen that you recommend this ComboFix to all users, but how can you do that everywhere here when this file is itself a trojan tool?
I just scanned it on VirusTotal and
F-Prot, McAfee, Sophos, Avira, Panda and a lot more antivirus engines detected it as a trojan tool.
That file should maybe be added to the BitDefender detection list also?
Hello mustafaazizoglu,
Please do this:
Click on Start, My Computer, and double-click on the icon of the hard disk or partition where Windows or your software is installed. After that, open QooBox and the subfolder Quarantine. Now open the two subfolders; normally you have to open the folder that has the drive letter of your hard disk or partition, and Windows. Check also whether there are other folders and open their subfolders. You will see entries that look like this: blabla.dll.vir. Rename the files and remove .vir, and confirm the Windows message. You need to archive them. For how to do that, take a look at the second post in this topic.
After that, make a new topic in this forum section and upload the archive or archives you have made. This is easy: once you are in the create-a-topic or reply screen, just scroll down until you see the Attachments section, press Browse and navigate to the location of your archive, then press Upload. There is a 2 MB file upload limit.
Kind regards,
Niels
Hello Flavor,
ComboFix isn't a threat. This is just a little tool that is designed to create a report of all files, folders, ... that were created in the last month. Another purpose is that it can delete certain malware. Other vendors detect it just as riskware (that is, legitimate tools that can also be misused). The reason they do that is that ComboFix deletes registry entries, files, ... in the background, so you will not see anything by using a legitimate freeware tool.
Kind regards,
Niels
Hi Niels,
I misunderstood and made a mistake. Instead of renaming the files in the quarantine and removing the .vir part, I deleted those files with the .vir extension. Does it do much harm? How should I continue? Should I still archive the other files?
Thank you.
Best regards,
Mustafa
Hello,
I still have msanti.bt virus. What should i do?
Best regards,
Mustafa
Hello mustafaazizoglu,
Please do this: reboot your PC into Safe Mode. To do that, just reboot your PC and press the F8 key several times before the Windows splash screen. Log in with your account. Click on Start, right-click on My Computer and choose Properties, then click on the System Restore tab and select the option to disable System Restore on all drives, then press Apply and OK. This can take a few moments; confirm the warning. Wait until everything is greyed out under the Drives section. When that is done, please uncheck the option to disable System Restore on all drives and press Apply and OK.
Can you please verify whether you still have the file r6r.exe on the H: drive? It's possible that you need to enable the option to see hidden files. To do that, explore H:, go to the Tools menu, Folder Options, View (display tab), and select the option "Show hidden files and folders". If the file is still present, please add it to an archive and post it in the same location as I said for your previous samples.
I see that you still have Kaspersky installed, or there are still some remnants.
Kind regards,
Niels
Hi Niels,
Thank you for your help.
I restarted in Safe Mode and disabled System Restore as you said, but I couldn't uncheck the disable box, because it said I couldn't enable System Restore in Safe Mode and I had to do that in normal mode. So I restarted in normal mode and enabled System Restore. Do you think this is the same?
Hello mustafaazizoglu,
That is the same.
Kind regards,
Niels