The infection is called "Trojan.CryptRedol.Gen.2" & "Trojan.CryptRedol.Gen.3"
---
Here's my latest Log File:
BitDefender Log File
Product : BitDefender Internet Security 2009
Version : BitDefender UIScanner v.12
Scanning task : Deep System Scan
Log date : 7/27/2009 10:29:00 PM
Log path : C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1248748140_3_02.xml
Scan Paths:
Path 0000: C:\
Scan Options:
Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : Yes
Target Selection Options:
Scan registry keys : Yes
Scan cookies : Yes
Scan boot sectors : Yes
Scan memory processes : Yes
Scan archives : Yes
Scan runtime packers : Yes
Scan emails : No
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions :
Excluded extensions :
Target Processing:
Default action for infected objects : Disinfect
Default action for suspicious objects : None
Default action for hidden objects : None
Default action for encrypted infected objects : None
Default action for encrypted suspicious objects : None
Default action for password-protected objects : Log as not scanned
Scan engines summary
Number of virus signatures : 3850203
Archive plugins : 44
Email plugins : 6
Scan plugins : 13
System plugins : 5
Unpack plugins : 7
Overall scan summary
Scanned items : 34173
Infected items : 29
Suspicious items : 0
Resolved items : 0
Unresolved items : 29
Password-protected items : 0
Overcompressed items : 0
Individual viruses found : 29
Scanned directories : 470
Scanned boot sectors : 0
Scanned archives : 400
Input-output errors : 3
Scan time : 00:07:59
Files per second : 69
Scanned processes summary
Scanned : 31
Infected : 0
Scanned registry keys summary
Scanned : 833
Infected : 0
Scanned cookies summary
Scanned : 11
Infected : 0
Remaining issues:
Object Name    Threat Name    Final Status
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
\\?\globalroot\systemroot\system32\hjgruivyxviqmu.dll Trojan.CryptRedol.Gen.2 Disinfect Failed
And here's my HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:01 PM, on 7/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP3 (7.00.6000.20935)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitDefender\BitDefender 2009\uiscan.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - https://www-secure.symantec.com/techsup ... gctlsr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6467546140
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Box_NTR v2.6A (.bntr) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Norton\bntr.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
--
End of file - 6097 bytes
Thanks in advance for any help you guys can provide.