Security Suite Virus/Google Redirect


So my problem might sound a bit unique.

I've had the security suite virus and succeeded in deleting it. I was infected at around 3:28 PM on 6/18/2010 (yesterday) and used MBAM and Avira to purge my system. It worked, and my system (including the proxy settings that the virus had changed) is all back to normal. However, I've noticed that roughly one in every ten searches I do on Google redirects to other rogue antivirus sites. I haven't been reinfected, I'm sure, but it looks like something's left over.

Avira is picking up a virus driver, iukikry.sys, and I've attempted to remove it using HijackThis and FileASSASSIN, only to find it back again when I reboot. There are some unusual .dll's in my C:\WINDOWS folder with registry keys to have them run on reboot (see below). They are all listed as having been created yesterday, so I suspect that they're associated and are what is recreating the virus driver.

I'd really just like to know that these DLL's aren't vital to the system so I can delete them and move on. Also, note that due to company restrictions system restore and windows update are disabled on my computer. :)


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:28:59 AM, on 8/19/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Citrix\ICA Client\ssonsvr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\system32\ICO.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\FSRremoS.EXE

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe

C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UStorSrv.exe

C:\Program Files\UN\CMS\CMSService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

E:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\AntiSpyware\Spybot\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"

O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"

O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Ljecawubixa] rundll32.exe "C:\WINDOWS\itoxoretubediday.dll",Startup

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Wlutavadejuza] rundll32.exe "C:\WINDOWS\dridegma.dll",Startup

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - Global Startup: ImageMixer 3 SE Camera Monitor Ver.4.lnk = C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://webmail03.un.org/iNotes6W.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1273421714500

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1273421696046

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab

O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O20 - AppInit_DLLs:

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: CMS Service (CMSService) - UNHQ - C:\Program Files\UN\CMS\CMSService.exe

O23 - Service: Google Update Service (gupdate1c9857f1e24e026) (gupdate1c9857f1e24e026) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: ServicepointService - Unknown owner - C:\Program Files\Verizon\VSP\ServicepointService.exe (file missing)

O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

--

End of file - 12935 bytes


Avira AntiVir Personal

Report file date: Thursday, August 19, 2010 13:53

Scanning for 2728515 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 3) [5.1.2600]

Boot mode : Normally booted

Username : Administrator

Computer name : UNHQ-59F09439FD

Version information:

BUILD.DAT : 9.0.0.422 21701 Bytes 3/9/2010 10:29:00

AVSCAN.EXE : 9.0.3.10 466689 Bytes 11/19/2009 21:35:37

AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 15:58:24

LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 16:35:49

LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 15:58:52

VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 21:35:37

VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 21:35:37

VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 23:40:26

VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 01:19:54

VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 22:31:34

VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 21:22:22

VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 19:30:26

VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 05:35:10

VBASE008.VDF : 7.10.9.166 2048 Bytes 7/23/2010 05:35:10

VBASE009.VDF : 7.10.9.167 2048 Bytes 7/23/2010 05:35:11

VBASE010.VDF : 7.10.9.168 2048 Bytes 7/23/2010 05:35:11

VBASE011.VDF : 7.10.9.169 2048 Bytes 7/23/2010 05:35:11

VBASE012.VDF : 7.10.9.170 2048 Bytes 7/23/2010 05:35:11

VBASE013.VDF : 7.10.9.198 157696 Bytes 7/26/2010 17:47:59

VBASE014.VDF : 7.10.9.255 997888 Bytes 7/29/2010 00:37:55

VBASE015.VDF : 7.10.10.28 139264 Bytes 8/2/2010 00:38:00

VBASE016.VDF : 7.10.10.52 127488 Bytes 8/3/2010 00:38:05

VBASE017.VDF : 7.10.10.84 137728 Bytes 8/6/2010 00:38:13

VBASE018.VDF : 7.10.10.107 176640 Bytes 8/9/2010 00:38:17

VBASE019.VDF : 7.10.10.130 132608 Bytes 8/10/2010 00:38:20

VBASE020.VDF : 7.10.10.158 131072 Bytes 8/12/2010 00:38:23

VBASE021.VDF : 7.10.10.190 136704 Bytes 8/16/2010 23:48:07

VBASE022.VDF : 7.10.10.191 2048 Bytes 8/16/2010 23:48:07

VBASE023.VDF : 7.10.10.192 2048 Bytes 8/16/2010 23:48:08

VBASE024.VDF : 7.10.10.193 2048 Bytes 8/16/2010 23:48:08

VBASE025.VDF : 7.10.10.194 2048 Bytes 8/16/2010 23:48:08

VBASE026.VDF : 7.10.10.195 2048 Bytes 8/16/2010 23:48:08

VBASE027.VDF : 7.10.10.196 2048 Bytes 8/16/2010 23:48:08

VBASE028.VDF : 7.10.10.197 2048 Bytes 8/16/2010 23:48:08

VBASE029.VDF : 7.10.10.198 2048 Bytes 8/16/2010 23:48:09

VBASE030.VDF : 7.10.10.199 2048 Bytes 8/16/2010 23:48:09

VBASE031.VDF : 7.10.10.214 111104 Bytes 8/18/2010 23:48:51

Engineversion : 8.2.4.38

AEVDF.DLL : 8.1.2.1 106868 Bytes 8/15/2010 00:39:42

AESCRIPT.DLL : 8.1.3.42 1364347 Bytes 8/15/2010 00:39:41

AESCN.DLL : 8.1.6.1 127347 Bytes 5/12/2010 22:31:12

AESBX.DLL : 8.1.3.1 254324 Bytes 4/23/2010 22:18:23

AERDL.DLL : 8.1.8.2 614772 Bytes 7/21/2010 12:52:42

AEPACK.DLL : 8.2.3.5 471412 Bytes 8/15/2010 00:39:28

AEOFFICE.DLL : 8.1.1.8 201081 Bytes 7/23/2010 05:34:25

AEHEUR.DLL : 8.1.2.15 2859382 Bytes 8/18/2010 23:49:23

AEHELP.DLL : 8.1.13.2 242039 Bytes 7/21/2010 12:50:36

AEGEN.DLL : 8.1.3.19 393587 Bytes 8/15/2010 00:38:31

AEEMU.DLL : 8.1.2.0 393588 Bytes 4/23/2010 22:18:07

AECORE.DLL : 8.1.16.2 192887 Bytes 7/21/2010 12:50:15

AEBB.DLL : 8.1.1.0 53618 Bytes 4/23/2010 22:18:02

AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 13:47:59

AVPREF.DLL : 9.0.3.0 44289 Bytes 9/8/2009 14:00:44

AVREP.DLL : 8.0.0.7 159784 Bytes 2/19/2010 15:06:54

AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 15:32:09

AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 20:05:41

AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 15:37:08

SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 20:03:49

SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 13:21:33

NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 15:32:10

RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 20:39:58

RCTEXT.DLL : 9.0.73.0 86785 Bytes 11/19/2009 21:35:35

Configuration settings for the scan:

Jobname.............................: ShlExt

Configuration file..................: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\e351175b.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:,

Process scan........................: off

Scan registry.......................: off

Search for rootkits.................: off

Integrity checking of system files..: off

Scan all files......................: Intelligent file selection

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Deviating risk categories...........: +JOKE,

Start of the scan: Thursday, August 19, 2010 13:53

Starting the file scan:

Begin scan in 'C:\WINDOWS\system32\drivers\iukikry.sys'

C:\WINDOWS\system32\drivers\iukikry.sys

[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan

[WARNING] The file could not be opened!

Beginning disinfection:

C:\WINDOWS\system32\drivers\iukikry.sys

[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan

[WARNING] The file was ignored!

End of the scan: Thursday, August 19, 2010 13:53

Used time: 00:02 Minute(s)

The scan has been done completely.

0 Scanned directories

2 Files were scanned

1 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

0 Files were moved to quarantine

0 Files were renamed

1 Files cannot be scanned

0 Files not concerned

0 Archives were scanned

1 Warnings

0 Notes


Hi,

Also, note that due to company restrictions system restore and windows update are disabled on my computer.

As a business computer you need to have a license for use of MBAM. Please send a private message with your Cleverbridge order reference number to AdvancedSetup (Manager of Online Support) and they can assist you from the Corporate Support. ;)
