
Automatic Update turned off, crashing, pop ups!, Oldtimer solved this once before


  • This topic is locked
11 replies to this topic

#1 sonomacoma

sonomacoma

  • Members
  • 6 posts

Posted 05 November 2008 - 03:00 AM

Having all sorts of trouble. I cannot turn automatic update on, Ad-Aware seems to find problems every time. I am consistently getting popups. All hell has broken loose. Can anyone help?
Thank You So Much,
Dennis
Hi Jack Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:56:47 PM, on 11/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\PokerOffice\bin\javaw.exe
C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe 1
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [POEngine] "C:\Program Files\PokerOffice\POEngine.exe" C:\Program Files\PokerOffice
O4 - HKLM\..\Run: [901ec23d] rundll32.exe "C:\WINDOWS\system32\suunrfic.dll",b
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Dennis\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Dennis\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1196297376682
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O20 - AppInit_DLLs: zybucx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7170 bytes



#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 05 November 2008 - 04:39 AM

Hi,

I understand that you need help in order to get rid of the malware that is present on your system, but you need to help us first.
I notice that you never scanned with an Antivirus previously before starting this thread - because you don't even have an Antivirus installed!
This is somewhat suicidal in today's digital world.
That's why I want you to install one first!!

* Please install Avira Antivirus: http://www.free-av.com/
This is a free Antivirus.

Perform a full scan with Avira and let it delete everything it is finding.
Then reboot.
After reboot, open your Avira and select "reports".
There, double-click the report from the full scan you have done. Click the "Report File" button and copy and paste this report in your next reply together with a new HijackThis log.
Then we'll start from there, because it really makes no sense otherwise that we clean this up manually if an antivirus scan is not present which should be able to deal with most and prevent further reinfection.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 sonomacoma

sonomacoma
  • Topic Starter

  • Members
  • 6 posts

Posted 06 November 2008 - 12:29 AM

OK, so here is my log from the antivirus and the new hijack log. The only thing is I had to uninstall the antivirus after I used it because it kept making their guard pop-ups come up. It got so bad that my computer could barely function when it was running. I tried to disable the guard component but I couldn't. I figure I will download NAV via newsbin after this nasty virus is gone. Let me know if this is OK. Here comes the hijack log first and the antivirus log file second.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:04 PM, on 11/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\PokerOffice\bin\javaw.exe
C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exe
C:\Program Files\AIM6\aolsoftware.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe 1
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [POEngine] "C:\Program Files\PokerOffice\POEngine.exe" C:\Program Files\PokerOffice
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Dennis\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Dennis\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1196297376682
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O20 - AppInit_DLLs: zybucx.dll cgxnnd.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7261 bytes



Avira AntiVir Personal
Report file date: Wednesday, November 05, 2008 17:16

Scanning for 1009266 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: WINGS-849141E85

Version information:
BUILD.DAT : 8.2.0.334 16933 Bytes 10/16/2008 14:55:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 6/26/2008 18:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 17:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 22:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 17:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 01:14:00
ANTIVIR1.VDF : 7.1.0.21 130560 Bytes 10/31/2008 01:14:02
ANTIVIR2.VDF : 7.1.0.22 2048 Bytes 10/31/2008 01:14:03
ANTIVIR3.VDF : 7.1.0.42 128512 Bytes 11/5/2008 01:14:06
Engineversion : 8.2.0.26
AEVDF.DLL : 8.1.0.6 102772 Bytes 10/14/2008 20:05:56
AESCRIPT.DLL : 8.1.1.13 332156 Bytes 11/6/2008 01:14:39
AESCN.DLL : 8.1.1.3 123252 Bytes 10/14/2008 20:05:56
AERDL.DLL : 8.1.1.3 438645 Bytes 11/6/2008 01:14:36
AEPACK.DLL : 8.1.3.3 393591 Bytes 11/6/2008 01:14:32
AEOFFICE.DLL : 8.1.0.29 196988 Bytes 11/6/2008 01:14:29
AEHEUR.DLL : 8.1.0.68 1479029 Bytes 11/6/2008 01:14:26
AEHELP.DLL : 8.1.1.2 115062 Bytes 10/14/2008 20:05:56
AEGEN.DLL : 8.1.0.43 319862 Bytes 11/6/2008 01:14:13
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 20:05:56
AECORE.DLL : 8.1.2.9 172407 Bytes 11/6/2008 01:14:10
AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 20:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 18:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 19:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 11/6/2008 01:14:07
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 21:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 18:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 22:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/23/2008 03:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 22:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 22:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 23:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 23:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Wednesday, November 05, 2008 17:16

The scan of running processes will be started
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'aolsoftware.exe' - '1' Module(s) have been scanned
Scan process 'aolsoftware.exe' - '1' Module(s) have been scanned
Scan process 'aim6.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'WLAN_Service.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'SPUVolumeWatcher.exe' - '1' Module(s) have been scanned
Scan process 'WlanUtility.exe' - '1' Module(s) have been scanned
Scan process 'javaw.exe' - '1' Module(s) have been scanned
Scan process 'Hotsync.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'HP1006MC.EXE' - '1' Module(s) have been scanned
Scan process 'ViewpointService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
45 processes with 45 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
C:\WINDOWS\system32\qoMffEXO.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[WARNING] The file was ignored!

The registry was scanned ( '74' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Dennis\Downloads\Ziggy Marley - In Jamaica [2008].part2.rar
[0] Archive type: RAR
--> 06-dennis_brown-money_in_my_pocket.mp3
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\Dennis\Downloads\Ziggy Marley - In Jamaica [2008].part3.rar
[0] Archive type: RAR
--> 09-horace_andy-skylarking.mp3
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\Dennis\Downloads\Ziggy Marley - In Jamaica [2008].part4.rar
[0] Archive type: RAR
--> 13-delroy_wilson-better_must_come.mp3
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\Dennis\Downloads\Ziggy Marley - In Jamaica [2008].part5.rar
[0] Archive type: RAR
--> 00-ziggy_marley-in_jamaica-2008.jpg
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\Dennis\Local Settings\Temporary Internet Files\Content.IE5\0N09IDGL\4l1gd[1].dll
[DETECTION] Is the TR/Crypt.Morphine.Gen Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\Dennis\Local Settings\Temporary Internet Files\Content.IE5\0N09IDGL\CADD6ZGD
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\Dennis\Local Settings\Temporary Internet Files\Content.IE5\A58FGXED\kb20010911[1]
[DETECTION] Is the TR/QLowZones.S Trojan
[NOTE] The file was deleted!
C:\Program Files\Poker Indicator\PokerIndicator.exe
[DETECTION] Is the TR/Agent.387072.B Trojan
[NOTE] The file was moved to '497d4a7a.qua'!
C:\Program Files\PokerOffice\bin\fthimp.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{75863131-027A-4EA8-AAD9-4B1D4D4E70CA}\RP101\A0061653.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49424c5e.qua'!
C:\System Volume Information\_restore{75863131-027A-4EA8-AAD9-4B1D4D4E70CA}\RP105\A0061762.exe
[DETECTION] Is the TR/Agent.387072.B Trojan
[NOTE] The file was moved to '49424c90.qua'!
C:\System Volume Information\_restore{75863131-027A-4EA8-AAD9-4B1D4D4E70CA}\RP105\A0061763.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to '49424c93.qua'!
C:\System Volume Information\_restore{75863131-027A-4EA8-AAD9-4B1D4D4E70CA}\RP96\A0059372.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49424cd6.qua'!
C:\System Volume Information\_restore{75863131-027A-4EA8-AAD9-4B1D4D4E70CA}\RP99\A0060560.EXE
[DETECTION] Contains recognition pattern of the DR/Monder.roz dropper
[NOTE] The file was moved to '49424ce2.qua'!
C:\System Volume Information\_restore{75863131-027A-4EA8-AAD9-4B1D4D4E70CA}\RP99\A0060572.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '49424ce5.qua'!
C:\System Volume Information\_restore{75863131-027A-4EA8-AAD9-4B1D4D4E70CA}\RP99\A0060574.dll
[DETECTION] Is the TR/Crypt.Morphine.Gen Trojan
[NOTE] The file was moved to '49424ced.qua'!
C:\System Volume Information\_restore{75863131-027A-4EA8-AAD9-4B1D4D4E70CA}\RP99\A0060575.dll
[DETECTION] Is the TR/Crypt.Morphine.Gen Trojan
[NOTE] The file was moved to '49424cf0.qua'!
C:\System Volume Information\_restore{75863131-027A-4EA8-AAD9-4B1D4D4E70CA}\RP99\A0060576.dll
[DETECTION] Is the TR/Crypt.Morphine.Gen Trojan
[NOTE] The file was moved to '49424cf2.qua'!
C:\System Volume Information\_restore{75863131-027A-4EA8-AAD9-4B1D4D4E70CA}\RP99\A0060577.dll
[DETECTION] Is the TR/Crypt.Morphine.Gen Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{75863131-027A-4EA8-AAD9-4B1D4D4E70CA}\RP99\A0060578.dll
[DETECTION] Is the TR/Crypt.Morphine.Gen Trojan
[NOTE] The file was moved to '49424d0f.qua'!
C:\System Volume Information\_restore{75863131-027A-4EA8-AAD9-4B1D4D4E70CA}\RP99\A0060579.dll
[DETECTION] Is the TR/Crypt.Morphine.Gen Trojan
[NOTE] The file was moved to '49424d20.qua'!
C:\System Volume Information\_restore{75863131-027A-4EA8-AAD9-4B1D4D4E70CA}\RP99\A0060580.dll
[DETECTION] Is the TR/Crypt.Morphine.Gen Trojan
[NOTE] The file was moved to '49424d22.qua'!
C:\System Volume Information\_restore{75863131-027A-4EA8-AAD9-4B1D4D4E70CA}\RP99\A0060581.dll
[DETECTION] Is the TR/Crypt.Morphine.Gen Trojan
[NOTE] The file was moved to '49424d39.qua'!
C:\System Volume Information\_restore{75863131-027A-4EA8-AAD9-4B1D4D4E70CA}\RP99\A0060582.dll
[DETECTION] Is the TR/Crypt.Morphine.Gen Trojan
[NOTE] The file was moved to '49424d3c.qua'!
C:\System Volume Information\_restore{75863131-027A-4EA8-AAD9-4B1D4D4E70CA}\RP99\A0060583.dll
[DETECTION] Is the TR/Crypt.Morphine.Gen Trojan
[NOTE] The file was moved to '49424d3e.qua'!
C:\System Volume Information\_restore{75863131-027A-4EA8-AAD9-4B1D4D4E70CA}\RP99\A0060584.dll
[DETECTION] Is the TR/Crypt.Morphine.Gen Trojan
[NOTE] The file was moved to '49424d40.qua'!
C:\System Volume Information\_restore{75863131-027A-4EA8-AAD9-4B1D4D4E70CA}\RP99\A0060585.dll
[DETECTION] Is the TR/Crypt.Morphine.Gen Trojan
[NOTE] The file was moved to '49424d49.qua'!
C:\System Volume Information\_restore{75863131-027A-4EA8-AAD9-4B1D4D4E70CA}\RP99\A0060586.dll
[DETECTION] Is the TR/Crypt.Morphine.Gen Trojan
[NOTE] The file was moved to '49424d58.qua'!
C:\System Volume Information\_restore{75863131-027A-4EA8-AAD9-4B1D4D4E70CA}\RP99\A0060587.dll
[DETECTION] Is the TR/Crypt.Morphine.Gen Trojan
[NOTE] The file was moved to '49424d5a.qua'!
C:\System Volume Information\_restore{75863131-027A-4EA8-AAD9-4B1D4D4E70CA}\RP99\A0060588.dll
[DETECTION] Is the TR/Crypt.Morphine.Gen Trojan
[NOTE] The file was moved to '49424d5d.qua'!
C:\System Volume Information\_restore{75863131-027A-4EA8-AAD9-4B1D4D4E70CA}\RP99\A0060589.dll
[DETECTION] Is the TR/Crypt.Morphine.Gen Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{75863131-027A-4EA8-AAD9-4B1D4D4E70CA}\RP99\A0060590.dll
[DETECTION] Is the TR/Crypt.Morphine.Gen Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{75863131-027A-4EA8-AAD9-4B1D4D4E70CA}\RP99\A0060591.dll
[DETECTION] Is the TR/Crypt.Morphine.Gen Trojan
[WARNING] The file was ignored!


End of the scan: Wednesday, November 05, 2008 17:57
Used time: 40:59 Minute(s)

The scan has been done completely.

8685 Scanning directories
205232 Files were scanned
139 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
5 files were deleted
0 files were repaired
21 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
205092 Files not concerned
1722 Archives were scanned
118 Warnings
26 Notes

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:06:58 AM

Posted 06 November 2008 - 01:06 AM

The only thing is I had to uninstall the antivirus after I used it because it kept making their guard pop ups come up

Please install the Antivirus again. How are you supposed to prevent further malware if you uninstall your Antivirus again? An Antivirus is not only necessary to remove the found threats, but to PREVENT malware in the first place.
Then,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 sonomacoma

sonomacoma
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:11:58 PM

Posted 06 November 2008 - 01:25 AM

But if the antivirus is messing my computer up with ten popups a minute, should I at least find another kind of antivirus? Or do you know of a way to turn off the guard popups on that program?

#6 miekiemoes


Posted 06 November 2008 - 01:28 AM

It's malware that is messing up your computer, not the Antivirus. The fact that it displays these popup alerts means that it is a good antivirus and detects the malware.
So why should you install another Antivirus that won't alert you if malware is present? That doesn't make sense.
Just let Avira delete what it finds and then reboot, instead of ignoring what it has found. Because in your previous post, I see you let Avira ignore everything. This is not going to work.

Edited by miekiemoes, 06 November 2008 - 01:30 AM.


#7 sonomacoma


Posted 06 November 2008 - 01:54 AM

I do not mean to be rude, and I understand you know a lot more about this stuff than I do. However, I didn't ignore the pop ups at first, I clicked delete many many times, then I tried quarantine, and finally after literally hundreds of popups and my computer barely being able to function, I tried ignoring the alerts in hopes that the pop ups would stop and my computer would work in a way that I could access the internet and run hijack. So if you really think I should run the av with the problems I am having I will, but would it be possible to keep it off while we are fixing this then turn it on afterward? It does not seem like it is capable of deleting whatever it is detecting. As soon as I click delete it, another popup with the same problem comes right back up.
Thanks For Your Help,
I don't know why you guys don't charge for this. You guys are friggin awesome.

#8 miekiemoes


Posted 06 November 2008 - 01:57 AM

Hi,

Ok, just proceed with the Combofix steps, but promise you're going to install an Antivirus afterwards, because without any protection present, you're wide open for infections.

#9 sonomacoma


Posted 06 November 2008 - 03:21 AM

Alright, I will post it tomorrow. If you live in California I owe you a beer.

#10 miekiemoes


Posted 06 November 2008 - 06:50 AM

Ok, I'll read the logs tomorrow. And no, I don't live in California, I live in Belgium :thumbsup:

#11 miekiemoes


Posted 12 November 2008 - 02:18 AM

Hi,

We are one week later and I still haven't seen any logs. Not sure if you still need help or not.
I'll leave this thread open for another couple of days and if still no reply, I will close it so I can help someone else instead.

#12 miekiemoes


Posted 19 November 2008 - 03:25 AM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



