I thought Trend Micro OfficeScan was my antivirus software. But I have now downloaded and installed nr. 1 you suggested.
Should I delete Trend Micro?
Here is the log:
ComboFix 08-11-18.03 - Katrin 2008-11-24 0:13:28.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.335 [GMT 0:00]
Running from: c:\documents and settings\Katrin\Desktop\-Combo-Fix-.exe
Command switches used :: c:\documents and settings\Katrin\Desktop\CFscript.txt
* Created a new restore point
FILE ::
c:\docume~1\Katrin\LOCALS~1\Temp\TMP4352$.TMP
c:\documents and settings\All Users\Application Data\hurefa.pif
c:\documents and settings\All Users\Application Data\ulybi.com
c:\documents and settings\All Users\Application Data\yfojuxy.bat
c:\documents and settings\Katrin\delself.bat
c:\program files\Common Files\jabylyw.scr
c:\program files\Common Files\otuvamyzev.bin
c:\program files\Common Files\usatujuro.vbs
c:\program files\Common Files\xeqakejacy.vbs
c:\windows\amuli.ban
c:\windows\eteloh.exe
c:\windows\icyjywuqid.lib
c:\windows\lylasykedo.bin
c:\windows\SYSTEM32\afuci.dll
c:\windows\SYSTEM32\asyqapyk.bin
c:\windows\SYSTEM32\cywo.exe
c:\windows\SYSTEM32\DLLCACHE\figaro_b40.VIR
c:\windows\SYSTEM32\jujaz.pif
c:\windows\SYSTEM32\peni.exe
c:\windows\SYSTEM32\uwawonoqos.pif
c:\windows\tuxucerys.sys
c:\windows\xabyj._dl
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\hurefa.pif
c:\documents and settings\All Users\Application Data\ulybi.com
c:\documents and settings\All Users\Application Data\yfojuxy.bat
c:\documents and settings\Katrin\delself.bat
c:\program files\Common Files\jabylyw.scr
c:\program files\Common Files\otuvamyzev.bin
c:\program files\Common Files\usatujuro.vbs
c:\program files\Common Files\xeqakejacy.vbs
c:\windows\amuli.ban
c:\windows\eteloh.exe
c:\windows\icyjywuqid.lib
c:\windows\lylasykedo.bin
c:\windows\SYSTEM32\afuci.dll
c:\windows\SYSTEM32\asyqapyk.bin
c:\windows\SYSTEM32\cywo.exe
c:\windows\SYSTEM32\DLLCACHE\figaro_b40.VIR
c:\windows\SYSTEM32\jujaz.pif
c:\windows\SYSTEM32\peni.exe
c:\windows\SYSTEM32\uwawonoqos.pif
c:\windows\tuxucerys.sys
c:\windows\xabyj._dl
.
((((((((((((((((((((((((( Files Created from 2008-10-24 to 2008-11-24 )))))))))))))))))))))))))))))))
.
2008-11-24 00:12 . 2008-11-24 00:16 d-------- C:\-Combo-Fix-
2008-11-23 18:24 . 2008-11-23 18:24 19,777 --a------ c:\windows\binaly._sy
2008-11-23 18:24 . 2008-11-23 18:24 17,923 --a------ c:\windows\wypyca._sy
2008-11-23 18:24 . 2008-11-23 18:24 16,697 --a------ c:\windows\qafupu._dl
2008-11-23 18:24 . 2008-11-23 18:24 16,444 --a------ c:\windows\SYSTEM32\wawoduw.dat
2008-11-23 18:24 . 2008-11-23 18:24 16,153 --a------ c:\windows\odiputyro._sy
2008-11-23 18:24 . 2008-11-23 18:24 13,386 --a------ c:\windows\zydo.dat
2008-11-23 18:24 . 2008-11-23 18:24 11,543 --a------ c:\windows\vimigal._dl
2008-11-23 18:24 . 2008-11-23 18:24 11,376 --a------ c:\windows\wevu.lib
2008-11-12 09:35 . 2008-10-24 11:21 455,296 --------- c:\windows\SYSTEM32\DLLCACHE\mrxsmb.sys
2008-11-12 09:33 . 2008-09-04 17:15 1,106,944 --------- c:\windows\SYSTEM32\DLLCACHE\msxml3.dll
2008-10-25 04:31 . 2008-10-15 16:34 337,408 --------- c:\windows\SYSTEM32\DLLCACHE\netapi32.dll
2008-10-24 15:49 . 2008-10-24 15:49 d-------- c:\windows\SYSTEM32\scripting
2008-10-24 15:49 . 2008-10-24 15:49 d-------- c:\windows\SYSTEM32\en
2008-10-24 15:49 . 2008-10-24 15:49 d-------- c:\windows\SYSTEM32\bits
2008-10-24 15:49 . 2008-10-24 15:49 d-------- c:\windows\l2schemas
2008-10-24 15:39 . 2008-10-24 15:51 d-------- c:\windows\ServicePackFiles
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-23 22:19 --------- d-----w c:\program files\Ordabok
2008-11-22 20:39 --------- d-----w c:\documents and settings\Katrin\Application Data\uTorrent
2008-11-22 20:39 --------- d-----w c:\documents and settings\Katrin\Application Data\LimeWire
2008-10-24 17:52 --------- d-----w c:\program files\MSN Messenger
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 23:09 --------- d-----w c:\program files\LimeWire
2008-09-15 12:12 1,846,400 ----a-w c:\windows\SYSTEM32\win32k.sys
2008-09-15 12:12 1,846,400 ------w c:\windows\SYSTEM32\DLLCACHE\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\SYSTEM32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\SYSTEM32\DLLCACHE\msxml6.dll
2008-09-08 10:41 333,824 ------w c:\windows\SYSTEM32\DLLCACHE\srv.sys
2008-09-04 17:15 1,106,944 ----a-w c:\windows\SYSTEM32\msxml3.dll
2008-02-15 22:01 61,480 ----a-w c:\documents and settings\Katrin\GoToAssistDownloadHelper.exe
2004-08-11 16:27 4,128 ----a-w c:\program files\INFCACHE.1
.
((((((((((((((((((((((((((((( snapshot@2008-11-23_22.32.33.90 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-08-31 15:18:42 172,099 ----a-w c:\windows\temp\FAF8DD.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-15 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-15 126976]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2005-08-31 335872]
"LogitechGalleryRepair"="c:\program files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
"LogitechImageStudioTray"="c:\program files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-22 45056]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-08-24 67128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.mxmc"= MimicICM.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
.
Contents of the 'Scheduled Tasks' folder
2008-11-21 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-09-21 22:35]
2008-11-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
2008-11-23 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-24 00:16:37
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-11-24 0:18:03
ComboFix-quarantined-files.txt 2008-11-24 00:17:32
ComboFix2.txt 2008-11-23 22:33:17
Pre-Run: 5.658.140.672 bytes free
Post-Run: 5,642,436,608 bytes free
159 --- E O F --- 2008-11-12 14:19:02