Full Version: Pop-up Malware/Adware
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
oaksmarts
Every three or four seconds a pop up or ad will appear, even though I have a pop up blocker running. It's very annoying and I'd love it if I could get rid of this adware.

Logfile of HijackThis v1.99.1
Scan saved at 2:58:08 PM, on 10/3/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\printer.exe
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Craig\Local Settings\Temp\Temporary Directory 1 for avenger[1].zip\avenger.exe
C:\Program Files\Hijackthis\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\printer.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1188011768780
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\__c00E5BD4.dat
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
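A triage pass over the kinds of entry that make the HijackThis log above worth a second look: the F2 Shell= line that appends a second executable to the Winlogon shell, bare executables in the Startup folders (O4), the O7 DisableRegedit policy, the non-DLL AppInit_DLLs value (O20), a binary registered under both HKLM and HKCU Run, and a process running out of a Temp directory. This is an added example written for this thread, not a tool from the forum or from HijackThis; the sample lines are copied from the log above, and a flag means "review this", not "malicious" (the avenger.exe hit, for instance, is a cleaning tool the poster was running).

```python
"""Flag HijackThis (HJT) log entries that an analyst should review.

Added example for this thread; it is not part of HijackThis. It assumes only
HJT's one-entry-per-line 'Oxx - ...' layout, as in the logs quoted on the page.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed sample: a subset of lines copied from the first HijackThis log above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\printer.exe
C:\Documents and Settings\Craig\Local Settings\Temp\Temporary Directory 1 for avenger[1].zip\avenger.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\printer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe
O4 - Startup: system.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: C:\WINDOWS\System32\__c00E5BD4.dat
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str


# A path component named Temp (optionally under "Local Settings", as on XP).
TEMP_MARKER = re.compile(r"\\(local settings\\)?temp\\", re.I)
# Policies that lock the user out of the tools needed to inspect the machine.
POLICY_RE = re.compile(r"(DisableRegedit|DisableTaskMgr|DisableCMD)=1", re.I)
# O4 Run entries: hive, value name, launch command.
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.*)$")


def _target_path(command: str) -> str:
    """Normalise a Run command to a comparable path (drop quotes and arguments)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.find('"', 1)].lower()
    return command.lower()


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding if a single HJT line deserves attention, else None."""
    line = line.strip()
    if not line:
        return None
    section, sep, rest = line.partition(" - ")
    if not sep:
        # Not an 'Oxx - ...' entry; treat it as a running-process path.
        if TEMP_MARKER.search(line):
            return Finding(line, "process running from a Temp directory")
        return None
    if section == "F2" and rest.lower().startswith("reg:system.ini: shell="):
        # The Winlogon shell should be exactly Explorer.exe; anything appended
        # is launched at every logon.
        shell_value = rest.split("=", 1)[1].strip()
        if shell_value.lower() != "explorer.exe":
            return Finding(line, "Winlogon shell is not plain Explorer.exe: %r" % shell_value)
    elif section == "O4":
        kind, _, target = rest.partition(": ")
        if kind in ("Startup", "Global Startup"):
            name = target.split(" = ")[0]
            if not name.lower().endswith(".lnk"):
                return Finding(line, "bare executable in a Startup folder (legit entries are usually .lnk shortcuts)")
        if TEMP_MARKER.search(target):
            return Finding(line, "Run entry launching from a Temp directory")
    elif section == "O7":
        m = POLICY_RE.search(rest)
        if m:
            return Finding(line, "policy %s blocks an admin tool" % m.group(1))
    elif section == "O20" and rest.startswith("AppInit_DLLs:"):
        value = rest.split(":", 1)[1].strip()
        if value:
            reason = "AppInit_DLLs set: loaded into every process that loads user32.dll"
            if not value.lower().endswith(".dll"):
                reason += " (and the file is not even a .dll)"
            return Finding(line, reason)
    return None


def triage_log(text: str) -> List[Finding]:
    """Triage every line, then add cross-line checks (same binary in both Run hives)."""
    findings: List[Finding] = []
    run_hives: Dict[str, Set[str]] = {}
    first_line: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        found = triage_line(line)
        if found:
            findings.append(found)
        m = RUN_RE.match(line)
        if m:
            path = _target_path(m.group(3))
            run_hives.setdefault(path, set()).add(m.group(1))
            first_line.setdefault(path, line)
    for path, hives in run_hives.items():
        if hives == {"HKLM", "HKCU"}:
            findings.append(Finding(first_line[path],
                                    "same binary registered under both HKLM and HKCU Run (redundant persistence)"))
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print("%-70s  <- %s" % (f.reason, f.line))
```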
teacup61
Hello oaksmarts,

Welcome to Gladiator Security Forum

As bad as this is, you need to update to SP1 before we go any further.
http://www.microsoft.com/downloads/details...e5-023443e29d78

HijackThis current version is v2.0.2

http://www.trendsecure.com/portal/en-US/th...p?page=download

Please make a new folder to put your HijackThis.exe into. Anywhere on your hard drive is fine other than your Desktop or the Temp folder. We suggest you use "c:\Programs\hijackthis\" but feel free to use any name. Extract and save the Hijackthis download to the new folder you made. Then navigate to it and run HijackThis from there. This is to ensure it makes the necessary backups for recovery if fixes are made. Post a new log, please, when you've done these things. :)

Thanks,
tea
oaksmarts
Ok it's been updated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:16:40 PM, on 10/3/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\printer.exe
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\__c00E5BD4.dat
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 2657 bytes
teacup61
Erm... no, Windows hasn't been updated. Please post back when it is.
oaksmarts
The link you gave me to update Windows isn't working. I click on it and it says page cannot be displayed.
teacup61
Works just fine for me. :) Are you using IE or Firefox?
oaksmarts
I've used both.
teacup61
Well then... that begs the question... Is your OS legit?
oaksmarts
Yes.

Is it possible to fix the problem without updating Windows?
teacup61
Hello,

Let's run this tool and then we'll get you updated. If we don't do this then any cleaning will be useless. Do you understand this?

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouse-click combofix's window while it's running. That may cause it to stall.

Thanks,
tea
oaksmarts
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe
C:\Documents and Settings\Craig\Start Menu\Programs\Startup\system.exe
C:\WINDOWS\system32\__c0014150.exe
C:\WINDOWS\system32\__c0064030.exe
C:\WINDOWS\system32\__c0098AB6.dat
C:\WINDOWS\system32\__c00A5441.exe
C:\WINDOWS\system32\__c00E5BD4.dat
C:\WINDOWS\system32\alog.txt
C:\WINDOWS\system32\help.txt
C:\WINDOWS\system32\printer.exe
C:\WINDOWS\system32\ps.dat
C:\WINDOWS\system32\svehost.exe
C:\WINDOWS\system32\vtr.dll
C:\WINDOWS\system32\vtr.dll
C:\WINDOWS\system32\WinAvXX.exe

.
((((((((((((((((((((((((( Files Created from 2007-09-08 to 2007-10-08 )))))))))))))))))))))))))))))))
.

2007-10-07 17:39 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-07 08:38 66,052 --a------ C:\WINDOWS\system32\__c0064030.dll
2007-10-07 08:17 66,052 --a------ C:\WINDOWS\system32\__c00A5441.dll
2007-10-04 13:06 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-10-03 17:46 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-02 17:17 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-10-02 17:01 8,364 --a------ C:\WINDOWS\system32\sulimo.dat
2007-10-02 16:45 66,052 --a------ C:\WINDOWS\system32\__c0014150.dll
2007-09-30 23:48 7,804 --a------ C:\sysssoo.exe
2007-09-30 23:41 50,176 --a------ C:\WINDOWS\system32\btasv.dll
2007-09-30 23:41 40,830 --a------ C:\WINDOWS\system32\conf.dat
2007-09-30 23:41 1 --a------ C:\WINDOWS\system32\rc.dat
2007-09-30 23:41 1 --a------ C:\WINDOWS\system32\ps1.dat
2007-09-30 23:41 1 --a------ C:\WINDOWS\system32\cookie1.dat
2007-09-30 23:26 7,804 --a------ C:\sysolzm.exe
2007-09-16 18:20 <DIR> d-------- C:\Program Files\Calc98
2007-09-13 20:17 <DIR> d-------- C:\Program Files\TuxPaint
2007-09-13 20:17 <DIR> d-------- C:\Documents and Settings\Craig\Application Data\TuxPaint
2007-09-13 15:28 <DIR> d-------- C:\Program Files\XoftSpySE
2007-09-13 12:13 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2007-09-10 17:17 <DIR> d-------- C:\Documents and Settings\Craig\Application Data\Viewpoint
2007-09-09 13:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-08 16:19 1,156 --a------ C:\WINDOWS\mozver.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-20 17:26 --------- d-------- C:\Documents and Settings\Craig\Application Data\uTorrent
2007-09-06 21:37 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-06 21:36 --------- d-------- C:\Program Files\Oberon Media
2007-09-06 21:24 --------- d--h----- C:\Program Files\Zero G Registry
2007-09-06 21:24 --------- d-------- C:\Program Files\Pyware 3D Performer's Practice Tools
2007-09-05 20:48 --------- d-------- C:\Program Files\uTorrent
2007-09-05 18:16 --------- d-------- C:\Documents and Settings\Craig\Application Data\Talkback
2007-09-05 18:14 --------- d-------- C:\Program Files\DivX
2007-09-05 16:09 --------- d-------- C:\Documents and Settings\Craig\Application Data\Google
2007-09-05 16:08 --------- d-------- C:\Program Files\Google
2007-09-02 22:03 49152 --a------ C:\WINDOWS\system32\matorm.dll
2007-09-02 21:48 49152 --a------ C:\WINDOWS\system32\cocon.dll
2007-09-02 16:54 645904 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2007-09-02 16:54 115088 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2007-09-02 16:54 1021504 --a------ C:\WINDOWS\system32\vete.dll
2007-09-02 16:01 --------- d-------- C:\Documents and Settings\Craig\Application Data\MailFrontier
2007-09-02 15:46 --------- d-------- C:\Program Files\Executive Software
2007-09-02 14:54 --------- d-------- C:\Program Files\QuickTime
2007-09-02 14:54 --------- d-------- C:\Program Files\Apple Software Update
2007-09-02 14:54 --------- d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-09-02 14:54 --------- d-------- C:\Documents and Settings\All Users\Application Data\Apple
2007-09-02 14:26 --------- d-------- C:\Program Files\Lavasoft
2007-09-02 03:03 --------- d-------- C:\Documents and Settings\Craig\Application Data\Apple Computer
2007-09-02 02:30 --------- d-------- C:\Program Files\Trisnap Technologies
2007-09-02 02:09 --------- d-------- C:\Program Files\Alwil Software
2007-09-02 01:46 --------- d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-02 01:41 --------- d-------- C:\Program Files\C-Media Audio
2007-08-29 23:04 --------- d-------- C:\Documents and Settings\Craig\Application Data\Hulabee
2007-08-26 23:52 --------- d-------- C:\Program Files\HP
2007-08-26 23:52 --------- d-------- C:\Program Files\Common Files\HP
2007-08-26 23:50 --------- d-------- C:\Program Files\Hewlett-Packard
2007-08-26 23:50 --------- d-------- C:\Documents and Settings\All Users\Application Data\HP
2007-08-26 23:45 --------- d-------- C:\Documents and Settings\Craig\Application Data\HP
2007-08-25 00:44 --------- d-------- C:\Program Files\Realtek AC97
2007-08-25 00:29 23600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2007-08-25 00:21 --------- d-------- C:\Program Files\SiSoftware
2007-08-25 00:04 --------- d-------- C:\Program Files\C-Media 3D Audio
2007-08-24 23:05 --------- d-------- C:\Program Files\AIM
2007-08-24 23:05 --------- d-------- C:\Documents and Settings\Craig\Application Data\Aim
2007-08-24 23:04 --------- d-------- C:\Program Files\Common Files\AOL
2007-08-24 23:04 --------- d-------- C:\Program Files\AOD
2007-08-24 23:04 --------- d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-08-24 16:01 --------- d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-08-24 15:15 --------- d-------- C:\Program Files\SiS VGA Utilities V3.59
2007-08-24 15:14 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-08-24 15:05 --------- d-------- C:\Program Files\support.com
2007-08-24 15:05 --------- d-------- C:\Documents and Settings\All Users\Application Data\Support.com
2007-08-24 13:15 --------- d-------- C:\Program Files\Hasbro Interactive
2007-08-23 23:41 --------- d-------- C:\Program Files\microsoft frontpage
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-26 19:06 524288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-07-26 19:06 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-07-26 19:06 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-26 19:06 144704 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-07-26 19:06 129784 --------- C:\WINDOWS\system32\pxafs.dll
2007-07-26 19:06 120056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-07-26 19:06 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-07-26 19:06 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-07-26 19:03 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-07-26 19:03 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-07-26 19:03 81920 --a------ C:\WINDOWS\system32\dpl100.dll
2007-07-26 19:03 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-07-26 19:03 740442 --a------ C:\WINDOWS\system32\DivX.dll
2007-07-26 19:03 593920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-07-26 19:03 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-07-26 19:03 53248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-07-26 19:03 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-07-26 19:03 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-07-26 19:03 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-07-26 19:03 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-07-26 19:03 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2001-11-23 12:08 712704 --a------ C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [2004-05-12 16:22]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 06:15]
"Cmaudio"="cmicnfg.cpl" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2001-08-02 07:14]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-26 18:01]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"<NO NAME>"=

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2007-08-24 15:15:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\WINDOWS\System32\__c00E5BD4.dat


.
Contents of the 'Scheduled Tasks' folder
"2007-09-09 01:35:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-09-13 19:28:34 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-08 17:49:25
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-08 17:50:44 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-08 17:50
.
--- E O F ---

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\__c00E5BD4.dat
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 2679 bytes
teacup61
Okay, now we need to get a decent AntiVirus going.

AVG, Avira OR Avast are good FREE antivirus.
Never install more than one antivirus scanner or firewall on your system! Several together can give you problems and seriously decrease its reliability!

Run a full system scan with the one you chose to install and let it clean all it finds. In your reply, please tell me how your computer is running now, and post a complete HijackThis log. Also go get it updated to SP1.

Thanks,
tea
oaksmarts
Version information:
BUILD.DAT : 270 15603 Bytes 9/19/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 8/23/2007 18:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 8/16/2007 17:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 8/14/2007 20:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 8/21/2007 17:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 19:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 9/13/2007 19:26:55
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 9/13/2007 19:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 9/13/2007 19:27:13
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 9/17/2007 22:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2/26/2007 15:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 7/18/2007 12:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 18:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 8/3/2007 13:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 7/18/2007 12:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 8/28/2007 17:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 7/18/2007 12:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 3/8/2007 16:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 8/7/2007 17:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 8/21/2007 17:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 7/23/2007 14:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Monday, October 08, 2007 20:08

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sistray.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'Keyhook.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
27 processes with 27 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '25' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\sysolzm.exe
[WARNING] The file could not be opened!
C:\sysssoo.exe
[WARNING] The file could not be opened!
C:\Program Files\Trend Micro\HijackThis\backups\backup-20071003-175845-886-system.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Program Files\Windows Media Player\wmplayer.exe.tmp
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.AALY
[INFO] The file was deleted!
C:\qoobox\Quarantine\catchme2007-10-08_174917.75.zip
[0] Archive type: ZIP
--> __c00E5BD4.dat
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\qoobox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\Startup\autorun.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\qoobox\Quarantine\C\Documents and Settings\Craig\Start Menu\Programs\Startup\system.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\qoobox\Quarantine\C\WINDOWS\system32\printer.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\qoobox\Quarantine\C\WINDOWS\system32\svehost.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.U.Gen
[INFO] The file was deleted!
C:\qoobox\Quarantine\C\WINDOWS\system32\winavxx.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\qoobox\Quarantine\C\WINDOWS\system32\__c0014150.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\qoobox\Quarantine\C\WINDOWS\system32\__c0064030.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\qoobox\Quarantine\C\WINDOWS\system32\__c0098AB6.dat.vir
[DETECTION] Is the Trojan horse TR/Juan.X.1
[INFO] The file was deleted!
C:\qoobox\Quarantine\C\WINDOWS\system32\__c00A5441.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\qoobox\Quarantine\C\WINDOWS\system32\__c00E5BD4.dat.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP26\A0021345.exe
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.AALY
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP30\A0025138.dll
[DETECTION] Is the Trojan horse TR/Dldr.Small.12800
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0089779.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0089780.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0089781.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0090778.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0090779.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0090780.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0091778.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0091779.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0091780.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0091787.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0091788.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0091789.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0091794.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0091795.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0091796.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0092794.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0092795.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0093794.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0093795.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0093796.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0093801.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0093802.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0093803.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0094801.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0094802.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0094803.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0094808.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0094809.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0094810.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0095808.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0095809.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0095810.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0096808.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0096809.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0096810.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0096817.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0096818.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0096819.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0097817.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0097818.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0097819.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0098817.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0098818.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0098819.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0099817.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0099818.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0099819.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0099824.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0099825.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0099826.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0100824.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0100825.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0100826.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0100831.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0100832.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0100833.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0101831.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0101832.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0101833.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP40\A0101838.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP40\A0101839.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP40\A0101840.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP40\A0101841.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP40\A0101842.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP40\A0101843.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP40\A0101844.exe
[DETECTION] Is the Trojan horse TR/Crypt.U.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP40\A0101845.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP41\A0101896.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!


End of the scan: Monday, October 08, 2007 21:19
Used time: 1:11:30 min

The scan has been done completely.

2927 Scanning directories
99460 Files were scanned
83 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
83 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
99377 Files not concerned
842 Archives were scanned
3 Warnings
0 Notes



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:21:45 PM, on 10/8/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\keyhook.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - AppInit_DLLs: C:\WINDOWS\System32\__c00E5BD4.dat
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 3199 bytes
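A small triage script for the two log formats in the post above, added here as an example; it is not part of the original post and is not a tool from Avira or Trend Micro. It parses Avira report entries (path line, then the "[DETECTION]" and "[INFO]" lines) and separates hits inside System Restore snapshots (paths under \System Volume Information\_restore{...}\RPnn\) from hits on live paths, reconciles the parsed count with the report's own summary block, and flags two HijackThis entries that matter for persistence: an O20 AppInit_DLLs value (Windows loads that DLL into every process that links user32.dll) and an F2 Shell value that names anything beyond Explorer.exe. The Avira sample lines follow the posted format; the live path, the F2 line and the summary numbers in the sample are constructed for the example, and the O20 line is the one from the posted log.

```python
"""Added example: triage an Avira AntiVir report excerpt and a HijackThis log.
Not code from the original post or from Avira/Trend Micro. Sample text below
is constructed; the live path and the F2 line are hypothetical."""
import re
from collections import Counter

PATH_RE = re.compile(r"^[A-Za-z]:\\")
# System Restore snapshot paths: ...\System Volume Information\_restore{GUID}\RPnn\...
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\", re.I)
SUMMARY_RES = {
    "found": re.compile(r"^(\d+) viruses and/or unwanted programs were found"),
    "deleted": re.compile(r"^(\d+) files were deleted"),
}
HJT_RE = re.compile(r"^([A-Z]\d+)\s+-\s+(.*)$")

SAMPLE_AVIRA = r"""
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0091796.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP39\A0092794.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{6CDB4B22-6D89-402A-8890-BBBF40263804}\RP40\A0101840.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\WINDOWS\System32\hypothetical_live_sample.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!

4 viruses and/or unwanted programs were found
4 files were deleted
"""

SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O20 - AppInit_DLLs: C:\WINDOWS\System32\__c00E5BD4.dat
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\hypothetical_extra.exe
"""


def parse_avira(text):
    """One dict per detection: path, signature name, action, restore_point (None if live)."""
    hits, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            rp = RESTORE_RE.search(line)
            current = {"path": line, "name": None, "action": None,
                       "restore_point": rp.group(1).upper() if rp else None}
        elif line.startswith("[DETECTION]") and current:
            current["name"] = line.split()[-1]  # last token is the signature name
        elif line.startswith("[INFO]") and current:
            current["action"] = line[len("[INFO]"):].strip()
            hits.append(current)
            current = None
    return hits


def summarize_avira(hits):
    """Counts by signature and by restore point, plus any paths outside System Restore."""
    return {
        "total": len(hits),
        "by_name": Counter(h["name"] for h in hits),
        "by_restore_point": Counter(h["restore_point"] or "live" for h in hits),
        "live_paths": [h["path"] for h in hits if h["restore_point"] is None],
    }


def reported_counts(text):
    """Numbers from the report's own summary block, to reconcile with what was parsed."""
    out = {}
    for line in text.splitlines():
        for key, rx in SUMMARY_RES.items():
            m = rx.match(line.strip())
            if m:
                out[key] = int(m.group(1))
    return out


def triage_hijackthis(text):
    """Flag AppInit_DLLs values and extra shell programs; other lines pass through."""
    flagged = []
    for raw in text.splitlines():
        m = HJT_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            flagged.append({"section": section, "value": body.split(":", 1)[1].strip(),
                            "reason": "DLL loaded into every process that links user32.dll"})
        elif section == "F2" and "Shell=" in body:
            extras = [p for p in body.split("Shell=", 1)[1].split()
                      if p.lower() != "explorer.exe"]
            if extras:
                flagged.append({"section": section, "value": " ".join(extras),
                                "reason": "extra program started as the shell"})
    return flagged


if __name__ == "__main__":
    print(summarize_avira(parse_avira(SAMPLE_AVIRA)), reported_counts(SAMPLE_AVIRA))
    for f in triage_hijackthis(SAMPLE_HJT):
        print(f["section"], f["value"], "-", f["reason"])
```

Two reading notes for the output: every hit that sits under an RPnn restore point is a snapshot copy that System Restore took of a file, so deleting it cleans the snapshot but says nothing about the running system; and an O20 AppInit_DLLs entry never shows up in the "Running processes" list because it is a DLL injected into other processes rather than a process of its own, which is why it deserves attention even when the process list looks clean.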
teacup61
Hello

Please run the diagnostic program at the following link, and post the results in this thread.

http://go.microsoft.com/fwlink/?linkid=52012

Thanks,
tea
Invision Power Board © 2001-2009 Invision Power Services, Inc.