
WoW Error 132


  • This topic is locked
11 replies to this topic

#1 Shorty2675

Posted 03 April 2009 - 02:09 AM

Ok so... I have been trying to play World of Warcraft again and have tried to get help from the technical support of Blizzard... everything they have suggested has not helped at all. I have also reinstalled the game like 4 times now. I have tried to use Kaspersky, CS Anti-Virus, and Malwarebytes to find the viruses causing the problem. Oh btw the problem is.... I have installed and patched the game fully but every time I try to login I get the message "Unable to Validate Version" as if my version for the game is wrong even though I know it's right. So Blizzard said my files were infected or something so I ran those anti-viruses. Also whenever I close WoW I get error 132 which leads back to the WoW.exe file. I have found 5 trojans total and deleted them all. Then tried to reinstall the game afterwards. The game still is not working. I have done every little thing Blizzard has told me to do but they have not been able to give me any solution so I am turning to other people who may know what type of virus is infecting my computer and how I can fix it. I have run out of ideas on what to do so it would be nice if someone could tell me how to fix my problem. Thank you.

Edited by Shorty2675, 03 April 2009 - 02:10 AM.




#2 Shorty2675

Posted 03 April 2009 - 03:04 AM

Btw here is the error message.

==============================================================================
World of WarCraft (build 9551)

Exe: C:\Program Files\World of Warcraft\WoW.exe
Time: Apr 3, 2009 12:04:45.875 AM
User: AlexR
Computer: ALEX
------------------------------------------------------------------------------

This application has encountered a critical error:

ERROR #132 (0x85100084) Fatal Exception
Program: C:\Program Files\World of Warcraft\WoW.exe
Exception: 0xC0000005 (ACCESS_VIOLATION) at 001B:0092BF92

The instruction at "0x0092BF92" referenced memory at "0x2189A8FA".
The memory could not be "read".


WoWBuild: 9551
Settings:
------------------------------------------------------------------------------

----------------------------------------
x86 Registers
----------------------------------------

EAX=0092BFF9 EBX=00000001 ECX=0092BF90 EDX=7C90E4F4 ESI=01C449C8
EDI=9A3FB78B EBP=0019FED8 ESP=0019FEA4 EIP=0092BF92 FLG=00010286
CS =001B DS =0023 ES =0023 SS =0023 FS =003B GS =0000


----------------------------------------
Stack Trace (Manual)
----------------------------------------

Address Frame Logical addr Module

Showing 9/9 threads...

--- Thread ID: 3192 [Current Thread] ---
0092BF92 0019FED8 0001:0052AF92 C:\Program Files\World of Warcraft\WoW.exe
0040C2DD 0019FF24 0001:0000B2DD C:\Program Files\World of Warcraft\WoW.exe
0040C2BD 0019FFC0 0001:0000B2BD C:\Program Files\World of Warcraft\WoW.exe
7C817067 0019FFF0 0001:00016067 C:\WINDOWS\system32\kernel32.dll

--- Thread ID: 3860 ---
77DF8601 01BAFFB4 0001:00027601 C:\WINDOWS\system32\ADVAPI32.dll
7C80B713 01BAFFEC 0001:0000A713 C:\WINDOWS\system32\kernel32.dll

--- Thread ID: 964 ---
7C802542 01F4FF44 0001:00001542 C:\WINDOWS\system32\kernel32.dll
006BB325 01F4FF60 0001:002BA325 C:\Program Files\World of Warcraft\WoW.exe
006D56D5 01F4FF74 0001:002D46D5 C:\Program Files\World of Warcraft\WoW.exe
007EDBCF 01F4FFAC 0001:003ECBCF C:\Program Files\World of Warcraft\WoW.exe
007EDC74 01F4FFEC 0001:003ECC74 C:\Program Files\World of Warcraft\WoW.exe

--- Thread ID: 3880 ---
7C802455 0306FF4C 0001:00001455 C:\WINDOWS\system32\kernel32.dll
006BD254 0306FF74 0001:002BC254 C:\Program Files\World of Warcraft\WoW.exe
007EDBCF 0306FFAC 0001:003ECBCF C:\Program Files\World of Warcraft\WoW.exe
007EDC74 0306FFEC 0001:003ECC74 C:\Program Files\World of Warcraft\WoW.exe

--- Thread ID: 968 ---
7C80A105 062AFF88 0001:00009105 C:\WINDOWS\system32\kernel32.dll
72D2312A 062AFFB4 0001:0000212A C:\WINDOWS\system32\wdmaud.drv
7C80B713 062AFFEC 0001:0000A713 C:\WINDOWS\system32\kernel32.dll

--- Thread ID: 852 ---
71A55FA7 0835FC04 0001:00004FA7 C:\WINDOWS\system32\mswsock.dll
71AB314F 0835FC54 0001:0000214F C:\WINDOWS\system32\WS2_32.dll
780760ED 0835FFAC 0001:000250ED C:\WINDOWS\system32\WININET.dll
78072A68 0835FFB4 0001:00021A68 C:\WINDOWS\system32\WININET.dll
7C80B713 0835FFEC 0001:0000A713 C:\WINDOWS\system32\kernel32.dll

--- Thread ID: 1820 ---
7C80B713 0B87FFEC 0001:0000A713 C:\WINDOWS\system32\kernel32.dll

--- Thread ID: 152 ---
7C80B713 0B9EFFEC 0001:0000A713 C:\WINDOWS\system32\kernel32.dll

--- Thread ID: 3980 ---
7C80B713 0BB5FFEC 0001:0000A713 C:\WINDOWS\system32\kernel32.dll

----------------------------------------
Stack Trace (Using DBGHELP.DLL)
----------------------------------------

Showing 9/9 threads...

--- Thread ID: 3192 [Current Thread] ---
0092BF92 WoW.exe <unknown symbol>+0 (0x00000000,0x00000000,0x00000001,0x006AB318)

--- Thread ID: 3860 ---
77DF8601 ADVAPI32.dll WmiFreeBuffer+590 (0x00000000,0x7C91428F,0x00000000,0x00000000)
7C80B713 kernel32.dll GetModuleFileNameA+436 (0x77DF845A,0x00000000,0x00000000,0x78746341)

--- Thread ID: 964 ---
7C802542 kernel32.dll WaitForSingleObject+18 (0x0000214C,0xFFFFFFFF,0x01C49548,0x00000000)
006BB325 WoW.exe <unknown symbol>+0 (0x01C494C8,0x00000000,0x01C49548,0x01F4FFAC)
006D56D5 WoW.exe <unknown symbol>+0 (0x01C494E8,0x3A9FDDD3,0x00000000,0x01C49548)
007EDBCF WoW.exe <unknown symbol>+0 (0x00000000,0x7C80B713,0x01C49548,0x00000000)
007EDC74 WoW.exe <unknown symbol>+0 (0x007EDBF5,0x01C49548,0x00000000,0x00000008)

--- Thread ID: 3880 ---
7C802455 kernel32.dll Sleep+15 (0x00000064,0x31333539,0x020C22B0,0x020BFFC8)
006BD254 WoW.exe <unknown symbol>+0 (0x020BFFC8,0x386DDDD3,0x31333539,0x020C22B0)
007EDBCF WoW.exe <unknown symbol>+0 (0x01C42B00,0x7C80B713,0x020C22B0,0x31333539)
007EDC74 WoW.exe <unknown symbol>+0 (0x007EDBF5,0x020C22B0,0x00000000,0x00000000)

--- Thread ID: 968 ---
7C80A105 kernel32.dll WaitForMultipleObjects+24 (0x00000002,0x062AFFA4,0x00000000,0xFFFFFFFF)
72D2312A wdmaud.drv midMessage+840 (0x00000000,0x00000000,0x001C0000,0x00000000)
7C80B713 kernel32.dll GetModuleFileNameA+436 (0x72D230E8,0x00000000,0x00000000,0x00000000)

--- Thread ID: 852 ---
71A55FA7 mswsock.dll <unknown symbol>+0 (0x00000001,0x0835FE84,0x0835FC7C,0x0835FD80)
71AB314F WS2_32.dll select+167 (0x00000001,0x0835FE84,0x0835FC7C,0x0835FD80)
780760ED WININET.dll Ordinal101+10220 (0x0835FFEC,0x7C80B713,0x0025D0B8,0x0019F24C)
78072A68 WININET.dll InternetSetStatusCallback+473 (0x0025D0B8,0x0019F24C,0x001C0000,0x0025D0B8)
7C80B713 kernel32.dll GetModuleFileNameA+436 (0x78072A5B,0x0025D0B8,0x00000000,0x00000000)

--- Thread ID: 1820 ---
7C80B713 kernel32.dll GetModuleFileNameA+436 (0x7C927EBB,0x00000000,0x00000000,0x00000000)

--- Thread ID: 152 ---
7C80B713 kernel32.dll GetModuleFileNameA+436 (0x7C910230,0x00000000,0x00000000,0x00000000)

--- Thread ID: 3980 ---
7C80B713 kernel32.dll GetModuleFileNameA+436 (0x71A5D2C6,0x00289308,0x00000000,0x00000000)


----------------------------------------
Loaded Modules
----------------------------------------

0x003B0000 - 0x003B9000 C:\WINDOWS\system32\Normaliz.dll
0x00400000 - 0x01391000 C:\Program Files\World of Warcraft\WoW.exe
0x02150000 - 0x02265000 C:\Program Files\World of Warcraft\dbghelp.dll
0x02E70000 - 0x02ECB000 C:\WINDOWS\system32\nvapi.dll
0x10000000 - 0x10069000 C:\Program Files\World of Warcraft\DivxDecoder.dll
0x16080000 - 0x160A5000 C:\Program Files\Bonjour\mdnsNSP.dll
0x4FDD0000 - 0x4FF76000 C:\WINDOWS\system32\d3d9.dll
0x5AD70000 - 0x5ADA8000 C:\WINDOWS\system32\uxtheme.dll
0x5B860000 - 0x5B8B5000 C:\WINDOWS\system32\NETAPI32.dll
0x5D090000 - 0x5D12A000 C:\WINDOWS\system32\comctl32.dll
0x5ED00000 - 0x5EDCC000 C:\WINDOWS\system32\OPENGL32.dll
0x662B0000 - 0x66308000 C:\WINDOWS\system32\hnetcfg.dll
0x68000000 - 0x68036000 C:\WINDOWS\system32\rsaenh.dll
0x68B20000 - 0x68B40000 C:\WINDOWS\system32\GLU32.dll
0x6D710000 - 0x6D723000 C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
0x6D730000 - 0x6D743000 C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
0x6D990000 - 0x6D996000 C:\WINDOWS\system32\d3d8thk.dll
0x71A50000 - 0x71A8F000 C:\WINDOWS\system32\mswsock.dll
0x71A90000 - 0x71A98000 C:\WINDOWS\System32\wshtcpip.dll
0x71AA0000 - 0x71AA8000 C:\WINDOWS\system32\WS2HELP.dll
0x71AB0000 - 0x71AC7000 C:\WINDOWS\system32\WS2_32.dll
0x71BF0000 - 0x71C03000 C:\WINDOWS\system32\SAMLIB.dll
0x722B0000 - 0x722B5000 C:\WINDOWS\system32\sensapi.dll
0x72D10000 - 0x72D18000 C:\WINDOWS\system32\msacm32.drv
0x72D20000 - 0x72D29000 C:\WINDOWS\system32\wdmaud.drv
0x73760000 - 0x737AB000 C:\WINDOWS\system32\DDRAW.dll
0x73BC0000 - 0x73BC6000 C:\WINDOWS\system32\DCIMAN32.dll
0x73EE0000 - 0x73EE4000 C:\WINDOWS\system32\KsUser.dll
0x73F10000 - 0x73F6C000 C:\WINDOWS\system32\dsound.dll
0x74720000 - 0x7476C000 C:\WINDOWS\system32\MSCTF.dll
0x755C0000 - 0x755EE000 C:\WINDOWS\system32\msctfime.ime
0x76390000 - 0x763AD000 C:\WINDOWS\system32\IMM32.dll
0x769C0000 - 0x76A74000 C:\WINDOWS\system32\USERENV.dll
0x76B40000 - 0x76B6D000 C:\WINDOWS\system32\WINMM.dll
0x76BF0000 - 0x76BFB000 C:\WINDOWS\system32\PSAPI.DLL
0x76C30000 - 0x76C5E000 C:\WINDOWS\system32\WINTRUST.dll
0x76C90000 - 0x76CB8000 C:\WINDOWS\system32\IMAGEHLP.dll
0x76D60000 - 0x76D79000 C:\WINDOWS\system32\iphlpapi.dll
0x76E80000 - 0x76E8E000 C:\WINDOWS\system32\rtutils.dll
0x76E90000 - 0x76EA2000 C:\WINDOWS\system32\rasman.dll
0x76EB0000 - 0x76EDF000 C:\WINDOWS\system32\TAPI32.dll
0x76EE0000 - 0x76F1C000 C:\WINDOWS\system32\RASAPI32.dll
0x76F20000 - 0x76F47000 C:\WINDOWS\system32\DNSAPI.dll
0x76F60000 - 0x76F8C000 C:\WINDOWS\system32\WLDAP32.dll
0x76FB0000 - 0x76FB8000 C:\WINDOWS\System32\winrnr.dll
0x76FC0000 - 0x76FC6000 C:\WINDOWS\system32\rasadhlp.dll
0x77120000 - 0x771AB000 C:\WINDOWS\system32\OLEAUT32.dll
0x773D0000 - 0x774D3000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
0x774E0000 - 0x7761D000 C:\WINDOWS\system32\ole32.dll
0x77690000 - 0x776B1000 C:\WINDOWS\system32\NTMARTA.DLL
0x77920000 - 0x77A13000 C:\WINDOWS\system32\SETUPAPI.dll
0x77A80000 - 0x77B15000 C:\WINDOWS\system32\CRYPT32.dll
0x77B20000 - 0x77B32000 C:\WINDOWS\system32\MSASN1.dll
0x77BD0000 - 0x77BD7000 C:\WINDOWS\system32\midimap.dll
0x77BE0000 - 0x77BF5000 C:\WINDOWS\system32\MSACM32.dll
0x77C00000 - 0x77C08000 C:\WINDOWS\system32\VERSION.dll
0x77C10000 - 0x77C68000 C:\WINDOWS\system32\msvcrt.dll
0x77C70000 - 0x77C94000 C:\WINDOWS\system32\msv1_0.dll
0x77DD0000 - 0x77E6B000 C:\WINDOWS\system32\ADVAPI32.dll
0x77E70000 - 0x77F02000 C:\WINDOWS\system32\RPCRT4.dll
0x77F10000 - 0x77F59000 C:\WINDOWS\system32\GDI32.dll
0x77F60000 - 0x77FD6000 C:\WINDOWS\system32\SHLWAPI.dll
0x77FE0000 - 0x77FF1000 C:\WINDOWS\system32\Secur32.dll
0x78000000 - 0x78045000 C:\WINDOWS\system32\iertutil.dll
0x78050000 - 0x78120000 C:\WINDOWS\system32\WININET.dll
0x78130000 - 0x78257000 C:\WINDOWS\system32\urlmon.dll
0x7C800000 - 0x7C8F6000 C:\WINDOWS\system32\kernel32.dll
0x7C900000 - 0x7C9AF000 C:\WINDOWS\system32\ntdll.dll
0x7C9C0000 - 0x7D1D7000 C:\WINDOWS\system32\SHELL32.dll
0x7E410000 - 0x7E4A1000 C:\WINDOWS\system32\USER32.dll


----------------------------------------
Memory Dump
----------------------------------------

Code: 16 bytes starting at (EIP = 0092BF92)

0092BF92: FF 90 01 E9 F6 20 F8 FF CC CC CC CC CC CC B9 94 ..... ..........


Stack: 1024 bytes starting at (ESP = 0019FEA4)



------------------------------------------------------------------------------

Not sure if this will help or not.

#3 DaChew

Posted 03 April 2009 - 05:40 AM

Post some of the AV and MBAM logs showing names and locations of those trojans found; if appropriate, just copy and paste pertinent parts.

A fresh updated MBAM log also

Please download Malwarebytes Anti-Malware (v1.35) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Edited by DaChew, 03 April 2009 - 05:40 AM.

Chewy

No. Try not. Do... or do not. There is no try.

#4 Shorty2675

Posted 03 April 2009 - 11:16 AM

I already said I used Malwarebytes on my computer dude and it only found adware. The anti-virus that found the trojans was Kaspersky and I don't know how to show the trojans from that.

#5 DaChew

Posted 03 April 2009 - 03:36 PM

We can't help without more information and logs. Run a full scan with an updated MBAM; I want the full log.
Chewy

No. Try not. Do... or do not. There is no try.

#6 Shorty2675

Posted 05 April 2009 - 10:06 AM

How am I supposed to give you an infected log if Malwarebytes can't find the virus?

#7 Shorty2675

Posted 05 April 2009 - 10:14 AM

Here is the log from when I first ever used Malwarebytes to try and solve this problem.

Malwarebytes' Anti-Malware 1.35
Database version: 1922
Windows 5.1.2600 Service Pack 2

3/30/2009 9:39:41 PM
mbam-log-2009-03-30 (21-39-41).txt

Scan type: Full Scan (C:\|)
Objects scanned: 138943
Time elapsed: 37 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 50
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 20
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shoppingreport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\AlexR\Application Data\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\AlexR\Application Data\ShoppingReport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\AlexR\Application Data\ShoppingReport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\AlexR\Application Data\ShoppingReport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\AlexR\Application Data\ShoppingReport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\AlexR\Application Data\ShoppingReport\cs\res2 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Bin\2.5.0 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\Shared (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\AlexR\Application Data\FunWebProducts (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\AlexR\Application Data\FunWebProducts\Data (Adware.MyWay) -> Quarantined and deleted successfully.
C:\Documents and Settings\AlexR\Application Data\FunWebProducts\Data\AlexR (Adware.MyWay) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-854245398-1614895754-839522115-1004\Dc530.exe (Adware.Zango) -> Quarantined and deleted successfully.
C:\Documents and Settings\AlexR\Application Data\ShoppingReport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\AlexR\Application Data\ShoppingReport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\AlexR\Application Data\ShoppingReport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\AlexR\Application Data\ShoppingReport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\AlexR\Application Data\ShoppingReport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\AlexR\Application Data\ShoppingReport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Documents and Settings\AlexR\Application Data\ShoppingReport\cs\res2\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\ShoppingReport\Uninst.exe (Adware.Shopping.Report) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\AlexR\Application Data\FunWebProducts\Data\AlexR\avatar.dat (Adware.MyWay) -> Quarantined and deleted successfully.

#8 Shorty2675

Posted 05 April 2009 - 10:18 AM

The trojans were not found with this anti-virus scanner. They were all found by Kaspersky, but I don't know how to post the logs from Kaspersky or even how to find them.

#9 DaChew

DaChew

    Visiting Alien


  • Members
  • 10,317 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:millenium falcon and rockytop
  • Local time:02:49 AM

Posted 05 April 2009 - 11:34 AM

Here's a guide

http://forum.kaspersky.com/index.php?showtopic=71877
Chewy

No. Try not. Do... or do not. There is no try.

#10 Shorty2675

Posted 05 April 2009 - 02:18 PM

Still don't see anything about how to report the logs.

#11 DaChew

Posted 05 April 2009 - 06:14 PM

Click on the Save button in order to export the current report to a .txt or .csv file.



#12 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,949 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:02:49 AM

Posted 05 April 2009 - 08:01 PM

Hello Shorty2675,

I see that you have an HJT log posted here: http://www.bleepingcomputer.com/forums/t/217053/dont-know-what-is-infecting/


We do not allow more than one topic for the same computer and the same issue as this causes confusion, and in this case may make the disinfection process more difficult.

This leaves you with a choice:

1) Have this thread reopened and the HiJack This log topic deleted

OR


2) Keep this thread closed and wait for assistance in the HiJack This log forum. Please note that that forum is VERY busy.

Please send a Private Message indicating your choice.

Assuming you wish assistance in the HiJack This forum, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



