Can Anyone Please Tell Me What To Do?

BitDefender Log File !!!!!


Product : BitDefender Total Security 2008


Version : BitDefender UIScanner v.11


Log date : 21:49:44 22/07/2008


Log path : C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\deep_scan\1216752584_1_02.xml


Scan Paths:Path0000: C:\


Path0001: D:\


Path0002: E:\


Path0003: F:\


Scan Options:Scan for viruses : Yes


Scan for adware : Yes


Scan for spyware : Yes


Scan for applications : Yes


Scan for dialers : Yes


Scan for rootkits : Yes


Target selection options:Scan registry keys : Yes


Scan cookies : Yes


Scan boot sectors : Yes


Scan memory processes : Yes


Scan archives : Yes


Scan runtime packers : Yes


Scan emails : Yes


Scan all files : Yes


Heuristic Scan : Yes


Scanned extensions :


Excluded extensions :


Target ProcessingDefault action for infected objects : Disinfect


Default action for suspicious objects : None


Default action for hidden objects : None


Scan engines summaryNumber of virus signatures : 1382392


Archive plugins : 43


Email plugins : 6


Scan plugins : 12


Archive plugins : 43


System plugins : 4


Unpack plugins : 7


Overall scan summaryScanned items : 352991


Infected items : 91


Suspicious items : 0


Resolved items : 0


Individual viruses found : 8


Scanned directories : 8233


Scanned boot sectors : 12


Scanned archives : 4130


Input-output errors : 29


Scan time : 00:04:06:51


Files per second : 23


Scanned processes summaryScanned : 29


Infected : 0


Scanned registry keys summaryScanned : 308


Infected : 0


Scanned cookies summaryScanned : 0


Infected : 0


Remaining issues:Object Name Threat Name Final Status


E:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP21\A0001579.exe=](Instyler o)=](Instyler Module 11) Adware.Newdotnet.A Infected (no action was possible, file was in an archive)


C:\Documents and Settings\Asd_\Local Settings\Temp\i.dll Packer.Malware.NSAnti.AO Disinfect Failed


[system]=]HKEY_USERS\S-1-5-21-117609710-57989841-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\amva=]C:\WINDOWS\SYSTEM32\AMVO.EXE Packer.Malware.NSAnti.BR Infected


C:\Documents and Settings\Asd_\Local Settings\Temp\kd2.dll Packer.Malware.NSAnti.BR Disinfect Failed


C:\Documents and Settings\Asd_\Local Settings\Temp\m9t.dll Packer.Malware.NSAnti.BR Disinfect Failed


C:\Documents and Settings\Asd_\Local Settings\Temp\nphvz5.dll Packer.Malware.NSAnti.BR Disinfect Failed


C:\Documents and Settings\Asd_\Local Settings\Temp\yedp8.dll Packer.Malware.NSAnti.BR Disinfect Failed


C:\f0.cmd Packer.Malware.NSAnti.BR Disinfect Failed


C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014224.cmd Packer.Malware.NSAnti.BR Disinfect Failed


C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014233.exe Packer.Malware.NSAnti.BR Disinfect Failed


C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014250.dll Packer.Malware.NSAnti.BR Disinfect Failed


C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014251.dll Packer.Malware.NSAnti.BR Disinfect Failed


C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014252.cmd Packer.Malware.NSAnti.BR Disinfect Failed


C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014313.exe Packer.Malware.NSAnti.BR Disinfect Failed


C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014413.dll Packer.Malware.NSAnti.BR Disinfect Failed


C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014419.exe Packer.Malware.NSAnti.BR Disinfect Failed


C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014420.dll Packer.Malware.NSAnti.BR Disinfect Failed


C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014436.dll Packer.Malware.NSAnti.BR Disinfect Failed


C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014437.dll Packer.Malware.NSAnti.BR Disinfect Failed


C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014438.exe Packer.Malware.NSAnti.BR Disinfect Failed


C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014439.cmd Packer.Malware.NSAnti.BR Disinfect Failed


C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014451.exe Packer.Malware.NSAnti.BR Disinfect Failed


C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014452.dll Packer.Malware.NSAnti.BR Disinfect Failed


C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014454.exe Packer.Malware.NSAnti.BR Disinfect Failed


C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014455.dll Packer.Malware.NSAnti.BR Disinfect Failed


C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0014471.exe Packer.Malware.NSAnti.BR Disinfect Failed


C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0014481.cmd Packer.Malware.NSAnti.BR Disinfect Failed


C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015436.dll Packer.Malware.NSAnti.BR Disinfect Failed


C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015437.dll Packer.Malware.NSAnti.BR Disinfect Failed


C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015438.exe Packer.Malware.NSAnti.BR Disinfect Failed


C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015451.exe Packer.Malware.NSAnti.BR Disinfect Failed


C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015452.dll Packer.Malware.NSAnti.BR Disinfect Failed


C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015600.dll Packer.Malware.NSAnti.BR Disinfect Failed


C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015601.dll Packer.Malware.NSAnti.BR Disinfect Failed


C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015603.cmd Packer.Malware.NSAnti.BR Disinfect Failed


C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015610.exe Packer.Malware.NSAnti.BR Disinfect Failed


C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015619.exe Packer.Malware.NSAnti.BR Disinfect Failed


C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015620.dll Packer.Malware.NSAnti.BR Disinfect Failed


C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015662.dll Packer.Malware.NSAnti.BR Disinfect Failed


C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015663.dll Packer.Malware.NSAnti.BR Disinfect Failed


C:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015665.cmd Packer.Malware.NSAnti.BR Disinfect Failed


C:\WINDOWS\system32\amvo.exe Packer.Malware.NSAnti.BR Disinfect Failed


C:\WINDOWS\system32\amvo0.dll Packer.Malware.NSAnti.BR Disinfect Failed


C:\WINDOWS\system32\amvo1.dll Packer.Malware.NSAnti.BR Disinfect Failed


C:\ybj8df.exe Packer.Malware.NSAnti.BR Disinfect Failed


D:\f0.cmd Packer.Malware.NSAnti.BR Disinfect Failed


D:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014226.cmd Packer.Malware.NSAnti.BR Disinfect Failed


D:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014234.exe Packer.Malware.NSAnti.BR Disinfect Failed


D:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014254.cmd Packer.Malware.NSAnti.BR Disinfect Failed


D:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014316.exe Packer.Malware.NSAnti.BR Disinfect Failed


D:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014441.exe Packer.Malware.NSAnti.BR Disinfect Failed


D:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014442.cmd Packer.Malware.NSAnti.BR Disinfect Failed


D:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0014474.exe Packer.Malware.NSAnti.BR Disinfect Failed


D:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0014482.cmd Packer.Malware.NSAnti.BR Disinfect Failed


D:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015440.exe Packer.Malware.NSAnti.BR Disinfect Failed


D:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015605.cmd Packer.Malware.NSAnti.BR Disinfect Failed


D:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015612.exe Packer.Malware.NSAnti.BR Disinfect Failed


D:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015668.cmd Packer.Malware.NSAnti.BR Disinfect Failed


D:\ybj8df.exe Packer.Malware.NSAnti.BR Disinfect Failed


E:\f0.cmd Packer.Malware.NSAnti.BR Disinfect Failed


E:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014228.cmd Packer.Malware.NSAnti.BR Disinfect Failed


E:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014235.exe Packer.Malware.NSAnti.BR Disinfect Failed


E:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014256.cmd Packer.Malware.NSAnti.BR Disinfect Failed


E:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014324.exe Packer.Malware.NSAnti.BR Disinfect Failed


E:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014444.cmd Packer.Malware.NSAnti.BR Disinfect Failed


E:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014445.exe Packer.Malware.NSAnti.BR Disinfect Failed


E:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0014476.exe Packer.Malware.NSAnti.BR Disinfect Failed


E:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0014483.cmd Packer.Malware.NSAnti.BR Disinfect Failed


E:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015442.exe Packer.Malware.NSAnti.BR Disinfect Failed


E:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015607.cmd Packer.Malware.NSAnti.BR Disinfect Failed


E:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015613.exe Packer.Malware.NSAnti.BR Disinfect Failed


E:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015671.cmd Packer.Malware.NSAnti.BR Disinfect Failed


E:\ybj8df.exe Packer.Malware.NSAnti.BR Disinfect Failed


F:\f0.cmd Packer.Malware.NSAnti.BR Disinfect Failed


F:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014230.cmd Packer.Malware.NSAnti.BR Disinfect Failed


F:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014236.exe Packer.Malware.NSAnti.BR Disinfect Failed


F:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014258.cmd Packer.Malware.NSAnti.BR Disinfect Failed


F:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014331.exe Packer.Malware.NSAnti.BR Disinfect Failed


F:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014447.exe Packer.Malware.NSAnti.BR Disinfect Failed


F:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP41\A0014448.cmd Packer.Malware.NSAnti.BR Disinfect Failed


F:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0014478.exe Packer.Malware.NSAnti.BR Disinfect Failed


F:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0014484.cmd Packer.Malware.NSAnti.BR Disinfect Failed


F:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015445.exe Packer.Malware.NSAnti.BR Disinfect Failed


F:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015609.cmd Packer.Malware.NSAnti.BR Disinfect Failed


F:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015614.exe Packer.Malware.NSAnti.BR Disinfect Failed


F:\System Volume Information\_restore{C6608B05-EF20-461F-AB9E-34C0A50E4CC2}\RP42\A0015675.cmd Packer.Malware.NSAnti.BR Disinfect Failed


F:\ybj8df.exe Packer.Malware.NSAnti.BR Disinfect Failed


D:\d\New Folder\57 Cooking E-Books.iso=]autorun.exe Trojan.Generic.316161 Delete Failed (file was in an archive)


D:\d\New Folder\Cleaning and Stain removal for Dummies.iso=]autorun.exe Trojan.Generic.316161 Delete Failed (file was in an archive)


D:\d\New Folder\Europe for Dummies 4th Edition.iso=]autorun.exe Trojan.Generic.316161 Delete Failed (file was in an archive)


D:\d\New Folder\Intermediate Spanish for Dummies.iso=]autorun.exe Trojan.Generic.316161 Delete Failed (file was in an archive)


Resolved issues:Object Name Threat Name Final Status


Objects that were not scanned:Object Name Reason Final Status


D:\d\New Folder\Arabic Learning Collection\Software\Rosetta Stone Arabic Explorer\Rosetta Stone Arabic Explorer.mdf=]autorun.apm=]amsdata.dat Password-Protected No action was possible


D:\d\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\01 - Candy Shop.mp3 Password-Protected No action was possible


D:\d\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\02 - 4 Minutes.mp3 Password-Protected No action was possible


D:\d\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\03 - Give It 2 Me.mp3 Password-Protected No action was possible


D:\d\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\04 - Heartbeat.mp3 Password-Protected No action was possible


D:\d\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\05 - Miles Away.mp3 Password-Protected No action was possible


D:\d\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\06 - She's Not Me.mp3 Password-Protected No action was possible


D:\d\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\07 - Incredible.mp3 Password-Protected No action was possible


D:\d\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\08 - Beat Goes On.mp3 Password-Protected No action was possible


D:\d\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\09 - Dance 2night.mp3 Password-Protected No action was possible


D:\d\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\10 - Spanish Lesson.mp3 Password-Protected No action was possible


D:\d\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\11 - Devil Wouldn't Recognize You.mp3 Password-Protected No action was possible


D:\d\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\12 - Voices.mp3 Password-Protected No action was possible


D:\d\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\front.jpg Password-Protected No action was possible


D:\RECYCLER\S-1-5-21-117609710-57989841-725345543-1003\Dd19.rar=]Stretching For Dummies.rar=]Stretching For Dummies.pdf Password-Protected No action was possible


E:\windows yedek\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\01 - Candy Shop.mp3 Password-Protected No action was possible


E:\windows yedek\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\02 - 4 Minutes.mp3 Password-Protected No action was possible


E:\windows yedek\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\03 - Give It 2 Me.mp3 Password-Protected No action was possible


E:\windows yedek\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\04 - Heartbeat.mp3 Password-Protected No action was possible


E:\windows yedek\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\05 - Miles Away.mp3 Password-Protected No action was possible


E:\windows yedek\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\06 - She's Not Me.mp3 Password-Protected No action was possible


E:\windows yedek\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\07 - Incredible.mp3 Password-Protected No action was possible


E:\windows yedek\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\08 - Beat Goes On.mp3 Password-Protected No action was possible


E:\windows yedek\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\09 - Dance 2night.mp3 Password-Protected No action was possible


E:\windows yedek\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\10 - Spanish Lesson.mp3 Password-Protected No action was possible


E:\windows yedek\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\11 - Devil Wouldn't Recognize You.mp3 Password-Protected No action was possible


E:\windows yedek\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\12 - Voices.mp3 Password-Protected No action was possible


E:\windows yedek\New Folder\Madonna - Hard Candy [mp3-vbr-2008] Full Download .rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\Madonna - Hard Candy [mp3-vbr-2008] Full Download.rar=]Madonna - Hard Candy [mp3-vbr-2008] Full Download\front.jpg Password-Protected No action was possible

Comments

  • rootkit
    rootkit ✭✭✭

    First of all, disable System Restore !


    Download ComboFix from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe


    Then close all running programs, including web browser, instant messenger, etc and then run ComboFix.


    It will ask you whether it should start cleaning or not. Press 1 and hit Enter. Don't stop it while running. While doing this your screen may disappear but don't worry, it's a normal behaviour.


    At the end ComboFix will generate a log file. Save it and post it here.


  • Hi, thank you very much for your help. I did exactly as you told me. But i left bitdefender open during the process. And before booting the computer bitdefender asked me if i should allow some windows registery.. those were programs from the startup. so i allowed. Do you think this spoils the process? Otherwise here's the log report.


    Thank you, and please tell if i should do anything else.


    ComboFix 08-07-28.6 - Asd_ 2008-07-29 20:45:16.1 - NTFSx86


    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.902 [GMT 3:00]


    Running from: C:\Documents and Settings\Asd_\Desktop\ComboFix.exe


    * Created a new restore point


    * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!


    .


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    .


    C:\1rfw8hjr.com


    C:\autorun.inf


    C:\WINDOWS\system32\ckvo.exe


    C:\WINDOWS\system32\ckvo0.dll


    D:\Autorun.inf


    E:\Autorun.inf


    F:\Autorun.inf


    .


    ((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-29 )))))))))))))))))))))))))))))))


    .


    2008-07-22 22:02 . 2008-07-22 09:28 116,906 -r-hs---- C:\e9ehn1m8.com


    2008-07-20 23:32 . 2008-07-29 20:52 121 --a------ C:\WINDOWS\bdagent.INI


    2008-07-20 19:02 . 2008-07-20 19:02 <DIR> d-------- C:\Documents and Settings\Asd_\Application Data\BitDefender


    2008-07-20 18:59 . 2008-07-20 19:00 <DIR> d-------- C:\Program Files\BitDefender


    2008-07-20 18:59 . 2008-07-20 19:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender


    2008-07-20 18:54 . 2008-07-20 19:00 <DIR> d-------- C:\Program Files\Common Files\BitDefender


    2008-07-20 00:54 . 2008-07-29 20:28 79,360 -r-hs---- C:\WINDOWS\system32\ckvo1.dll


    2008-07-19 21:08 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys


    2008-07-19 21:08 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys


    2008-07-19 20:16 . 2008-07-19 20:16 <DIR> d-------- C:\Program Files\Avanquest update


    2008-07-19 20:16 . 2008-07-19 20:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software


    2008-07-19 20:14 . 2008-07-19 20:14 <DIR> d-------- C:\Program Files\Sony Ericsson


    2008-07-19 20:14 . 2008-07-19 20:14 <DIR> d-------- C:\Documents and Settings\Asd_\Application Data\InstallShield


    2008-07-19 20:14 . 2008-07-19 20:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson


    2008-07-14 16:16 . 2008-07-14 16:16 <DIR> d-------- C:\Program Files\Microsoft Reader


    2008-07-14 16:16 . 2008-07-19 20:16 <DIR> d--h----- C:\Program Files\InstallShield Installation Information


    2008-07-14 16:16 . 2003-06-05 17:15 57,436 --a------ C:\WINDOWS\DASShp.dll


    2008-07-14 16:15 . 2008-07-14 16:16 <DIR> d-------- C:\Program Files\Common Files\InstallShield


    2008-07-11 00:02 . 2008-07-11 00:02 50,200 --ah----- C:\WINDOWS\system32\mlfcache.dat


    2008-07-10 23:42 . 2008-07-11 01:01 <DIR> d-------- C:\Documents and Settings\Asd_\Application Data\mIRC


    2008-07-02 23:15 . 2008-07-02 23:15 <DIR> d-------- C:\Program Files\TimeAdjuster


    2008-07-02 22:12 . 2008-07-02 22:12 <DIR> d-------- C:\Program Files\URUSoft


    2008-07-02 22:01 . 2008-07-02 22:01 <DIR> d-------- C:\Program Files\POP Software


    2008-06-30 01:41 . 2008-06-30 01:43 <DIR> d-------- C:\Program Files\Common Files\Adobe


    2008-06-29 14:43 . 2008-06-29 23:28 <DIR> d-------- C:\divx


    2008-06-29 14:29 . 2008-06-29 14:29 <DIR> d-------- C:\Program Files\iTunes


    2008-06-29 14:29 . 2008-06-29 14:29 <DIR> d-------- C:\Program Files\iPod


    2008-06-29 14:29 . 2008-06-29 14:29 <DIR> d-------- C:\Documents and Settings\Asd_\Application Data\Apple Computer


    2008-06-29 14:28 . 2008-06-29 14:28 <DIR> d-------- C:\Program Files\Bonjour


    2008-06-29 14:27 . 2008-06-29 14:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer


    2008-06-29 13:47 . 2008-06-29 13:47 <DIR> d-------- C:\Program Files\Apple Software Update


    2008-06-29 13:46 . 2008-06-29 13:46 <DIR> d-------- C:\Program Files\Common Files\Apple


    2008-06-29 13:46 . 2008-06-29 13:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple


    .


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))


    .


    2008-07-29 17:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Babylon


    2008-07-29 17:52 81,984 ----a-w C:\WINDOWS\system32\bdod.bin


    2008-07-29 17:52 5,708 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx


    2008-07-29 17:52 434,208 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat


    2008-07-29 17:52 3,071,520 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat


    2008-07-29 17:52 28,220 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx


    2008-07-29 17:38 --------- d-----w C:\Documents and Settings\Asd_\Application Data\Babylon


    2008-07-29 17:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab


    2008-07-27 15:50 77,824 ----a-w C:\WINDOWS\system32\xcomm.dll


    2008-07-20 18:07 86,792 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys


    2008-07-20 15:45 --------- d-----w C:\Documents and Settings\Asd_\Application Data\uTorrent


    2008-07-20 07:10 --------- d-----w C:\Program Files\uTorrent


    2008-06-29 08:38 --------- d-----w C:\Program Files\Sipru


    2008-06-28 18:22 --------- d-----w C:\Documents and Settings\Asd_\Application Data\DivX


    2008-06-25 06:05 --------- d-----w C:\Documents and Settings\Asd_\Application Data\vlc


    2008-06-25 05:07 --------- d-----w C:\Program Files\VideoLAN


    2008-06-25 04:59 --------- d-----w C:\Program Files\DivX


    2008-06-23 17:29 --------- d-----w C:\Documents and Settings\Asd_\Application Data\Media Player Classic


    2008-06-17 06:51 96,966 ----a-w C:\WINDOWS\system32\drivers\klin.dat


    2008-06-17 06:51 88,774 ----a-w C:\WINDOWS\system32\drivers\klick.dat


    2008-06-17 06:32 --------- d-----w C:\Program Files\Kaspersky Lab


    2008-06-17 06:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files


    2008-06-08 21:33 --------- d-----w C:\Program Files\Java


    2008-06-08 21:30 --------- d-----w C:\Program Files\Common Files\Java


    2008-06-08 21:14 --------- d-----w C:\Program Files\myBabylon


    2008-06-08 21:14 --------- d-----w C:\Program Files\Conduit


    2008-06-08 21:13 --------- d-----w C:\Program Files\Babylon


    2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll


    2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll


    2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll


    2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll


    2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll


    2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll


    2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll


    2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll


    2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll


    2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll


    2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll


    2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe


    2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll


    2008-05-22 22:22 129,784 ------w C:\WINDOWS\system32\pxafs.dll


    2008-05-22 22:22 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe


    2008-05-22 22:22 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe


    2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll


    2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll


    2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll


    2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll


    2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe


    2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll


    2008-05-22 14:48 37,888 ----a-w C:\WINDOWS\system32\setupnt.dll


    2008-05-22 14:48 126,976 ----a-w C:\WINDOWS\system32\snapapi.dll


    .


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    .


    .


    *Note* empty entries & legit default entries are not shown


    REGEDIT4


    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]


    "{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "C:\Program Files\myBabylon\tbmyBa.dll" [2008-02-14 14:54 1555480]


    [HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]


    2008-02-14 14:54 1555480 --a------ C:\Program Files\myBabylon\tbmyBa.dll


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]


    "{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "C:\Program Files\myBabylon\tbmyBa.dll" [2008-02-14 14:54 1555480]


    [HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]


    "{34EA1C70-42CC-42C5-AA29-EC58B95A343E}"= "C:\Program Files\myBabylon\tbmyBa.dll" [2008-02-14 14:54 1555480]


    [HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]


    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]


    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 17:19 356352]


    "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]


    "Acronis True Image Monitor"="C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe" [2008-05-22 17:48 417431]


    "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-05-22 17:48 61440]


    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]


    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 18:21 201992]


    "QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]


    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]


    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]


    "Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2008-03-11 09:23 3551456]


    "BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-07-20 19:14 368640]


    "BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2008-07-20 19:14 61440]


    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]


    "vidc.3iv2"= 3ivxVfWCodec.dll


    "VIDC.HFYU"= huffyuv.dll


    "VIDC.VP31"= vp31vfw.dll


    [HKEY_LOCAL_MACHINE\software\microsoft\security center]


    "AntiVirusDisableNotify"=dword:00000001


    "UpdatesDisableNotify"=dword:00000001


    "AntiVirusOverride"=dword:00000001


    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]


    "DisableMonitoring"=dword:00000001


    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]


    "EnableFirewall"= 0 (0x0)


    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]


    "%windir%\\system32\\sessmgr.exe"=


    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=


    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=


    "C:\\Program Files\\uTorrent\\uTorrent.exe"=


    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=


    "C:\\Program Files\\iTunes\\iTunes.exe"=


    "D:\\d\\eMule\\emule.exe"=


    R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]


    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-07-20 21:07]


    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]


    bdx REG_MULTI_SZ scan


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{419ae726-55b6-11dd-b540-000b6a7a0b92}]


    \Shell\AutoRun\command - H:\r6r.exe


    \Shell\explore\Command - H:\r6r.exe


    \Shell\open\Command - H:\r6r.exe


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{419ae727-55b6-11dd-b540-000b6a7a0b92}]


    \Shell\AutoRun\command - I:\r6r.exe


    \Shell\explore\Command - I:\r6r.exea


    \Shell\open\Command - I:\r6r.exe


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{737543aa-3092-11dd-b4fd-000b6a7a0b92}]


    \Shell\AutoRun\command - H:\r6r.exe


    \Shell\explore\Command - H:\r6r.exe


    \Shell\open\Command - H:\r6r.exe


    .


    Contents of the 'Scheduled Tasks' folder


    2008-07-18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]


    2008-07-29 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job


    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]


    .


    - - - - ORPHANS REMOVED - - - -


    HKCU-Run-kamsoft - C:\WINDOWS\system32\ckvo.exe


    .


    ------- Supplementary Scan -------


    .


    R0 -: HKCU-Main,Start Page = about:blank


    R1 -: HKCU-Internet Settings,ProxyOverride = *.local


    O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm


    O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx


    O8 -: Microsoft Excel'e Gö&nder - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000


    O8 -: Translate with &Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm


    O17 -: HKLM\CCS\Interface\{0AF45CB5-825E-4FF4-8FF6-ED8D4A7CD6FF}: NameServer = 192.168.2.1


    O16 -: {0FC8B38E-9293-424C-9D0E-CE60775679CF} - hxxps://sube.garanti.com.tr/lib/JaguarEditControl.CAB


    C:\WINDOWS\Downloaded Program Files\JaguarEditControl.INF


    C:\WINDOWS\Downloaded Program Files\JaguarEditControl.dll


    **************************************************************************


    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net


    Rootkit scan 2008-07-29 20:54:15


    Windows 5.1.2600 Service Pack 2 NTFS


    scanning hidden processes ...


    scanning hidden autostart entries ...


    scanning hidden files ...


    scan completed successfully


    hidden files: 0


    **************************************************************************


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]


    "Acronis True Image Monitor"="\"C:\\Program Files\\Acronis\\TrueImage\\TrueImageMonitor.exe\""


    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]


    "ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\


    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]


    "ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\


    .


    ------------------------ Other Running Processes ------------------------


    .


    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe


    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe


    C:\Program Files\Bonjour\mDNSResponder.exe


    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE


    C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe


    C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe


    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe


    C:\Program Files\iPod\bin\iPodService.exe


    .


    **************************************************************************


    .


    Completion time: 2008-07-29 20:58:44 - machine was rebooted


    ComboFix-quarantined-files.txt 2008-07-29 17:58:03


    Pre-Run: 95,734,710,272 bytes free


    Post-Run: 96,478,560,256 bytes free


    232

  • Niels
    Niels
    edited July 2008

    Hello mustafaazizoglu,


    Please do this press the windows button together with r now type this:


    regsvr32 -u "C:\WINDOWS\system32\ckvo1.dll press enter.


    Please open wordpad:


    Type this:


    File: :


    C:\e9ehn1m8.com


    C:\WINDOWS\system32\ckvo1.dll


    Save the file as CFScript.txt and save it at your desktop.


    Please drag and drop CFScript.txt on the Combofix icon.


    Reboot your pc if asked and post a new combofix log.


    After that download also flash disinfector witch you can find here. Please attach all your usb devices. Now double click on Flash Disinfector to run it.


    Kind regards,


    Niels

  • Hi Niels,


    Thank you very much for your help, but when i typed what you said, it says:


    LoadLibrary("C:\WINDOWS\system32\ckvo1.dll) failed. Access is denied. So I didn't follow the suit. What should i do?


    Best regards,


    Mustafa

  • Hello mustafaazizoglu,


    Just follow the rest off my instructions. Please do this also so BitDefender will be able to detect the infections you had. Click on start,my computer,double click on the icon off your hard disc were you store your software. You will see a folder called QooBox open the quarantine subfolder. You will see subfolders please archive the content off these folders. But first you need to rename the file that looks like this


    blabla.dll.vir Rename it and remove .vir confirm the warning off microsoft. If you don't see .vir please do this once you are in the quarantine or the subfolders to the tools menu,folder options,press on the display/view tab unchek hide extensions for known file types press on apply and ok to confirm.


    How to do that follow the instructions in this topic. Follow the instructions that are in post 2. After you have done that please make a new topic in this forum section. To add an attachment is very easy once you are in the screen for creating a topic or reply just scroll down you will see a section called Attachments press on browse and navigate to the location off your archive press on open and press on upload. There is a 2 MB file upload.


    Kind regards,


    Niels

  • Hi Niels,


    Here's the log report of combo fix:


    I'll do the other instructions now. Thank you.


    ComboFix 08-07-28.6 - Asd_ 2008-08-01 1:00:43.3 - NTFSx86


    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.899 [GMT 3:00]


    Running from: C:\Documents and Settings\Asd_\Desktop\ComboFix.exe


    Command switches used :: C:\Documents and Settings\Asd_\Desktop\CFScript.txt


    * Created a new restore point


    * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!


    .


    ((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-31 )))))))))))))))))))))))))))))))


    .


    2008-07-20 23:32 . 2008-08-01 01:05 121 --a------ C:\WINDOWS\bdagent.INI


    2008-07-20 19:02 . 2008-07-20 19:02 <DIR> d-------- C:\Documents and Settings\Asd_\Application Data\BitDefender


    2008-07-20 18:59 . 2008-07-20 19:00 <DIR> d-------- C:\Program Files\BitDefender


    2008-07-20 18:59 . 2008-07-20 19:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender


    2008-07-20 18:54 . 2008-07-20 19:00 <DIR> d-------- C:\Program Files\Common Files\BitDefender


    2008-07-20 00:54 . 2008-07-29 20:28 79,360 -r-hs---- C:\WINDOWS\system32\ckvo1.dll


    2008-07-19 21:08 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys


    2008-07-19 21:08 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys


    2008-07-19 20:16 . 2008-07-19 20:16 <DIR> d-------- C:\Program Files\Avanquest update


    2008-07-19 20:16 . 2008-07-19 20:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software


    2008-07-19 20:14 . 2008-07-19 20:14 <DIR> d-------- C:\Program Files\Sony Ericsson


    2008-07-19 20:14 . 2008-07-19 20:14 <DIR> d-------- C:\Documents and Settings\Asd_\Application Data\InstallShield


    2008-07-19 20:14 . 2008-07-19 20:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson


    2008-07-14 16:16 . 2008-07-14 16:16 <DIR> d-------- C:\Program Files\Microsoft Reader


    2008-07-14 16:16 . 2008-07-19 20:16 <DIR> d--h----- C:\Program Files\InstallShield Installation Information


    2008-07-14 16:16 . 2003-06-05 17:15 57,436 --a------ C:\WINDOWS\DASShp.dll


    2008-07-14 16:15 . 2008-07-14 16:16 <DIR> d-------- C:\Program Files\Common Files\InstallShield


    2008-07-11 00:02 . 2008-07-11 00:02 50,200 --ah----- C:\WINDOWS\system32\mlfcache.dat


    2008-07-10 23:42 . 2008-07-11 01:01 <DIR> d-------- C:\Documents and Settings\Asd_\Application Data\mIRC


    2008-07-02 23:15 . 2008-07-02 23:15 <DIR> d-------- C:\Program Files\TimeAdjuster


    2008-07-02 22:12 . 2008-07-02 22:12 <DIR> d-------- C:\Program Files\URUSoft


    2008-07-02 22:01 . 2008-07-02 22:01 <DIR> d-------- C:\Program Files\POP Software


    2008-06-30 01:41 . 2008-06-30 01:43 <DIR> d-------- C:\Program Files\Common Files\Adobe


    2008-06-29 14:43 . 2008-06-29 23:28 <DIR> d-------- C:\divx


    2008-06-29 14:29 . 2008-06-29 14:29 <DIR> d-------- C:\Program Files\iTunes


    2008-06-29 14:29 . 2008-06-29 14:29 <DIR> d-------- C:\Program Files\iPod


    2008-06-29 14:29 . 2008-06-29 14:29 <DIR> d-------- C:\Documents and Settings\Asd_\Application Data\Apple Computer


    2008-06-29 14:28 . 2008-06-29 14:28 <DIR> d-------- C:\Program Files\Bonjour


    2008-06-29 14:27 . 2008-06-29 14:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer


    2008-06-29 13:47 . 2008-06-29 13:47 <DIR> d-------- C:\Program Files\Apple Software Update


    2008-06-29 13:46 . 2008-06-29 13:46 <DIR> d-------- C:\Program Files\Common Files\Apple


    2008-06-29 13:46 . 2008-06-29 13:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple


    2008-06-28 21:20 . 2008-07-27 18:39 <DIR> d-------- C:\Temp


    2008-06-25 09:05 . 2008-06-25 09:05 <DIR> d-------- C:\Documents and Settings\Asd_\Application Data\vlc


    2008-06-25 08:07 . 2008-06-25 08:07 <DIR> d-------- C:\Program Files\VideoLAN


    2008-06-25 08:00 . 2008-06-28 21:22 <DIR> d-------- C:\Documents and Settings\Asd_\Application Data\DivX


    2008-06-25 07:58 . 2008-06-25 07:59 <DIR> d-------- C:\Program Files\DivX


    2008-06-25 07:58 . 2008-05-23 01:22 129,784 --------- C:\WINDOWS\system32\pxafs.dll


    2008-06-25 07:58 . 2008-05-23 01:22 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe


    2008-06-25 07:58 . 2008-05-23 01:22 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe


    2008-06-25 07:58 . 2008-05-23 01:22 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys


    2008-06-25 07:58 . 2008-05-23 01:22 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys


    2008-06-25 07:41 . 2008-06-29 11:38 <DIR> d-------- C:\Program Files\Sipru


    2008-06-23 20:29 . 2008-06-23 20:29 <DIR> d-------- C:\Documents and Settings\Asd_\Application Data\Media Player Classic


    2008-06-22 19:33 . 2008-07-20 10:10 <DIR> d-------- C:\Program Files\uTorrent


    2008-06-22 19:33 . 2008-07-20 18:45 <DIR> d-------- C:\Documents and Settings\Asd_\Application Data\uTorrent


    2008-06-17 09:51 . 2008-07-15 23:26 268 --ah----- C:\sqmdata19.sqm


    2008-06-17 09:51 . 2008-07-15 23:26 244 --ah----- C:\sqmnoopt19.sqm


    2008-06-17 09:43 . 2008-07-14 15:49 268 --ah----- C:\sqmdata18.sqm


    2008-06-17 09:43 . 2008-07-14 15:49 244 --ah----- C:\sqmnoopt18.sqm


    2008-06-17 09:34 . 2008-08-01 00:55 268 --ah----- C:\sqmdata17.sqm


    2008-06-17 09:34 . 2008-08-01 00:55 244 --ah----- C:\sqmnoopt17.sqm


    2008-06-17 09:33 . 2008-06-17 09:51 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat


    2008-06-17 09:33 . 2008-06-17 09:51 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat


    2008-06-17 09:32 . 2008-06-17 09:32 <DIR> d-------- C:\Program Files\Kaspersky Lab


    2008-06-17 09:32 . 2008-08-01 00:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab


    2008-06-17 09:32 . 2008-08-01 00:53 3,071,520 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat


    2008-06-17 09:32 . 2008-08-01 00:53 442,400 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat


    2008-06-17 09:32 . 2008-08-01 00:53 28,220 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx


    2008-06-17 09:32 . 2008-08-01 00:53 5,736 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx


    2008-06-17 09:31 . 2008-06-17 09:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files


    2008-06-15 18:47 . 2008-07-31 23:24 268 --ah----- C:\sqmdata16.sqm


    2008-06-15 18:47 . 2008-07-31 23:24 244 --ah----- C:\sqmnoopt16.sqm


    2008-06-15 11:33 . 2008-07-30 21:07 268 --ah----- C:\sqmdata15.sqm


    2008-06-15 11:33 . 2008-07-30 21:07 244 --ah----- C:\sqmnoopt15.sqm


    2008-06-14 18:42 . 2008-07-29 20:55 268 --ah----- C:\sqmdata14.sqm


    2008-06-14 18:42 . 2008-07-29 20:55 244 --ah----- C:\sqmnoopt14.sqm


    2008-06-14 11:21 . 2008-07-29 20:28 268 --ah----- C:\sqmdata13.sqm


    2008-06-14 11:21 . 2008-07-29 20:28 244 --ah----- C:\sqmnoopt13.sqm


    2008-06-13 18:02 . 2008-07-28 20:44 268 --ah----- C:\sqmdata12.sqm


    2008-06-13 18:02 . 2008-07-28 20:44 244 --ah----- C:\sqmnoopt12.sqm


    2008-06-13 11:14 . 2008-07-28 20:19 268 --ah----- C:\sqmdata11.sqm


    2008-06-13 11:14 . 2008-07-28 20:19 244 --ah----- C:\sqmnoopt11.sqm


    2008-06-12 20:29 . 2008-07-28 19:59 268 --ah----- C:\sqmdata10.sqm


    2008-06-12 20:29 . 2008-07-28 19:59 244 --ah----- C:\sqmnoopt10.sqm


    2008-06-11 21:54 . 2008-07-28 00:11 268 --ah----- C:\sqmdata09.sqm


    2008-06-11 21:54 . 2008-07-28 00:11 244 --ah----- C:\sqmnoopt09.sqm


    2008-06-11 21:06 . 2008-07-27 18:54 268 --ah----- C:\sqmdata08.sqm


    2008-06-11 21:06 . 2008-07-27 18:54 244 --ah----- C:\sqmnoopt08.sqm


    2008-06-09 00:33 . 2008-06-09 00:33 <DIR> d-------- C:\WINDOWS\Sun


    2008-06-09 00:33 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl


    2008-06-09 00:32 . 2008-06-09 00:33 <DIR> d-------- C:\Program Files\Java


    2008-06-09 00:30 . 2008-06-09 00:30 <DIR> d-------- C:\Program Files\Common Files\Java


    2008-06-09 00:14 . 2008-06-09 00:14 <DIR> d-------- C:\Program Files\myBabylon


    2008-06-09 00:14 . 2008-06-09 00:14 <DIR> d-------- C:\Program Files\Conduit


    2008-06-09 00:13 . 2008-06-09 00:13 <DIR> d-------- C:\Program Files\Babylon


    2008-06-09 00:13 . 2008-07-29 20:38 <DIR> d-------- C:\Documents and Settings\Asd_\Application Data\Babylon


    2008-06-09 00:13 . 2008-08-01 00:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Babylon


    2008-06-08 23:17 . 2008-07-27 18:21 268 --ah----- C:\sqmdata07.sqm


    2008-06-08 23:17 . 2008-07-27 18:21 244 --ah----- C:\sqmnoopt07.sqm


    2008-06-08 17:39 . 2008-07-20 15:36 268 --ah----- C:\sqmdata06.sqm


    2008-06-08 17:39 . 2008-07-20 15:36 244 --ah----- C:\sqmnoopt06.sqm


    2008-06-07 19:45 . 2008-07-19 18:14 268 --ah----- C:\sqmdata05.sqm


    2008-06-07 19:45 . 2008-07-19 18:14 244 --ah----- C:\sqmnoopt05.sqm


    2008-06-05 21:42 . 2008-07-18 23:27 268 --ah----- C:\sqmdata04.sqm


    2008-06-05 21:42 . 2008-07-18 23:27 244 --ah----- C:\sqmnoopt04.sqm


    2008-06-04 23:00 . 2008-07-18 20:19 268 --ah----- C:\sqmdata03.sqm


    2008-06-04 23:00 . 2008-07-18 20:19 244 --ah----- C:\sqmnoopt03.sqm


    2008-06-02 19:42 . 2008-06-02 22:23 <DIR> d-------- C:\WINDOWS\BDOSCAN8


    2008-06-02 19:28 . 2008-08-01 01:06 81,984 --a------ C:\WINDOWS\system32\bdod.bin


    2008-06-02 19:00 . 2008-07-16 23:39 268 --ah----- C:\sqmdata02.sqm


    2008-06-02 19:00 . 2008-07-16 23:39 244 --ah----- C:\sqmnoopt02.sqm


    2008-06-02 16:06 . 2008-07-16 01:09 268 --ah----- C:\sqmdata01.sqm


    2008-06-02 16:06 . 2008-07-16 01:09 244 --ah----- C:\sqmnoopt01.sqm


    2008-06-02 14:08 . 2008-07-27 18:39 116 --a------ C:\WINDOWS\NeroDigital.ini


    .


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))


    .


    2008-07-27 15:50 77,824 ----a-w C:\WINDOWS\system32\xcomm.dll


    2008-07-20 18:07 86,792 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys


    2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll


    2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll


    2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll


    2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll


    2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll


    2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll


    2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll


    2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll


    2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll


    2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll


    2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll


    2008-05-22 22:22 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe


    2008-05-22 22:22 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll


    2008-05-22 22:20 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll


    2008-05-22 22:20 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll


    2008-05-22 22:19 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll


    2008-05-22 22:19 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll


    2008-05-22 22:19 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe


    2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll


    2008-05-22 14:48 37,888 ----a-w C:\WINDOWS\system32\setupnt.dll


    2008-05-22 14:48 126,976 ----a-w C:\WINDOWS\system32\snapapi.dll


    2008-04-25 15:22 206,088 ----a-w C:\WINDOWS\system32\klogon.dll


    .


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    .


    .


    *Note* empty entries & legit default entries are not shown


    REGEDIT4


    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]


    "{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "C:\Program Files\myBabylon\tbmyBa.dll" [2008-02-14 14:54 1555480]


    [HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]


    2008-02-14 14:54 1555480 --a------ C:\Program Files\myBabylon\tbmyBa.dll


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]


    "{34ea1c70-42cc-42c5-aa29-ec58b95a343e}"= "C:\Program Files\myBabylon\tbmyBa.dll" [2008-02-14 14:54 1555480]


    [HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]


    "{34EA1C70-42CC-42C5-AA29-EC58B95A343E}"= "C:\Program Files\myBabylon\tbmyBa.dll" [2008-02-14 14:54 1555480]


    [HKEY_CLASSES_ROOT\clsid\{34ea1c70-42cc-42c5-aa29-ec58b95a343e}]


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]


    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]


    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 17:19 356352]


    "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]


    "Acronis True Image Monitor"="C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe" [2008-05-22 17:48 417431]


    "Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-05-22 17:48 61440]


    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]


    "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 18:21 201992]


    "QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]


    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]


    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]


    "Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2008-03-11 09:23 3551456]


    "BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-07-20 19:14 368640]


    "BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2008-07-20 19:14 61440]


    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]


    "GrpConv"="grpconv -o" [X]


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]


    "DisableTaskMgr"= 0 (0x0)


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]


    "vidc.3iv2"= 3ivxVfWCodec.dll


    "VIDC.HFYU"= huffyuv.dll


    "VIDC.VP31"= vp31vfw.dll


    [HKEY_LOCAL_MACHINE\software\microsoft\security center]


    "AntiVirusDisableNotify"=dword:00000001


    "UpdatesDisableNotify"=dword:00000001


    "AntiVirusOverride"=dword:00000001


    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]


    "DisableMonitoring"=dword:00000001


    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]


    "EnableFirewall"= 0 (0x0)


    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]


    "%windir%\\system32\\sessmgr.exe"=


    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=


    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=


    "C:\\Program Files\\uTorrent\\uTorrent.exe"=


    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=


    "C:\\Program Files\\iTunes\\iTunes.exe"=


    "D:\\d\\eMule\\emule.exe"=


    R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]


    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-07-20 21:07]


    R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]


    bdx REG_MULTI_SZ scan


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{419ae726-55b6-11dd-b540-000b6a7a0b92}]


    \Shell\AutoRun\command - H:\r6r.exe


    \Shell\explore\Command - H:\r6r.exe


    \Shell\open\Command - H:\r6r.exe


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{419ae727-55b6-11dd-b540-000b6a7a0b92}]


    \Shell\AutoRun\command - I:\r6r.exe


    \Shell\explore\Command - I:\r6r.exe


    \Shell\open\Command - I:\r6r.exe


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{737543aa-3092-11dd-b4fd-000b6a7a0b92}]


    \Shell\AutoRun\command - H:\r6r.exe


    \Shell\explore\Command - H:\r6r.exe


    \Shell\open\Command - H:\r6r.exe


    .


    Contents of the 'Scheduled Tasks' folder


    2008-07-18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]


    2008-07-31 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job


    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]


    .


    **************************************************************************


    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net


    Rootkit scan 2008-08-01 01:06:09


    Windows 5.1.2600 Service Pack 2 NTFS


    scanning hidden processes ...


    scanning hidden autostart entries ...


    scanning hidden files ...


    scan completed successfully


    hidden files: 0


    **************************************************************************


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]


    "Acronis True Image Monitor"="\"C:\\Program Files\\Acronis\\TrueImage\\TrueImageMonitor.exe\""


    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]


    "ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\


    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]


    "ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\


    .


    Completion time: 2008-08-01 1:08:38


    ComboFix-quarantined-files.txt 2008-07-31 22:08:18


    ComboFix2.txt 2008-07-31 20:39:57


    ComboFix3.txt 2008-07-29 17:58:50


    Pre-Run: 96,413,945,856 bytes free


    Post-Run: 96,408,510,464 bytes free


    246

  • First of all, disable System Restore !


    Download ComboFix from here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe


    Then close all running programs, including web browser, instant messenger, etc and then run ComboFix.


    It will ask you whether it should start cleaning or not. Press 1 and hit Enter. Don't stop it while running. While doing this your screen may disappear but don't worry, it's a normal behaviour.


    At the end ComboFix will generate a log file. Save it and post it here.


    Hello, i have seen that you recommend to all user this Combofix, but how can you do that everywhere here when this file is self a trojan tool?


    I just scanned it from virustotal and


    f-prot, mcafee, sophos, avira, panda and alot more antivirus detected it as trojan tool.


    that file should maybe be added to Bitdefender detection list also?

  • Hello mustafaazizoglu,


    Please do this:


    Click on start,my computer,double click on the icon off your hard disk or partition were windows or your software is installed on. After that open the QooBox and the following subfolder Quarantine. Now open the the two subfolders normally you have to open the folder that has the drive letter off your hard disk or partition,windows check also if there are other folders also and open the subfolders. You will see entries that looks like this blabla.dll.vir. Rename the files and remove .vir confirm the windows message. You need to archive them. How to do that take a look at the second post in this topic.


    After that make a new topic in this forum section. Now upload the archive or archives you have made. This is easy once you are in the create a topic or reply screen just scroll down untill you see the Attachments section press on browse and navigate to the location off your archive press on upload. There is 2 mb file upload limit.


    Kind regards,


    Niels


    Hello Flavor,


    Combofix isn't a threat. This is just a little tool that is designed to create a report off all created files,folder,... that are created in a month. Another purpose is that it can delete certain malware. Other vendors detect it just as riskware (that are legit tools that also can be misused). The reason why they do that is because combofix deletes registry entries,files,... in the background so you will not see anything by using a legitimate freeware tool.


    Kind regards,


    Niels

  • Hi Niels,


    I misunderstood and made a mistake. Instead of renaming and removing the .vir part of the files in the quarantine, I deleted those files with .vir extension. Does it make a big harm? How should i continue? Should i still archive the other files?


    Thank you.


    Best regards,


    Mustafa

  • Hello,


    I still have msanti.bt virus. What should i do?


    Best regards,


    Mustafa

  • Hello mustafaazizoglu,


    Please do this reboot your pc into safe mode. To do that just reboot your pc. Press several times on the F8 button before the windows splash screen. Log in with your account. Click on start,right click on my computer choose properties now click on the system restore tab and select the option disable system restore on all stations press on apply and ok. This can take a few moments confirm the warning. Wait till everything is greyed out under the section stations. When that is done please uncheck the option disable system restore on all stations and press on apply and ok.


    Can you please verify if on h: drive you still have the file r6r.exe? It's possible that you need to enable the option to be able to see hidden files. To do that explore h: go to the tools menu,folder options,view (display tab),select the option show hidden files and folders. If the file is still present please add it into an archive and post it on the same location as what I said for your previous samples.


    I see that you still have Kasersky installed or there are still some remaints.


    Kind regards,


    Niels


  • Hi Niels,


    Thank you for your help.


    I ristarted in safe mode and disabled system restore as you said, but i couldn't uncheck disable box, because it said i couldn't enable seystem restore in safe mode and i had to do that in normal mode. So i restarted in normal mode and enabled sesystem restore. Do you think this is the same?

  • Hello mustafaazizoglu,


    That is the same.


    Kind regards,


    Niels