
Vundo Infection



#1 psypher


Posted 08 April 2009 - 03:26 PM

Hi,
My laptop (runs on XP Pro) seems to be infected with vundo. I started getting pop-ups a few days back and performance degraded significantly. I downloaded malwarebytes and the quick scan showed several vundo items. I let malwarebytes remove them and on reboot I ran a quick scan again. It still shows several vundo files that malwarebytes is not able to remove. I downloaded vundofix and ran a scan, but it showed 0 infected files. Only malwarebytes scan is showing the infected files, but it is not able to remove them. I am still getting lots of popups and performance has really gone down.

Since I didn't want to try combofix without supervision, I wanted to come ask in this forum first.

#2 boopme


Posted 08 April 2009 - 09:57 PM

Hello and welcome, psypher. We need to see the logs so we can figure out the next move.
Rerun MBAM

Open MBAM in normal mode and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select Quick scan and scan.
After the scan click Remove Selected, post the new scan log and reboot into normal mode.


Next run ATF and SAS:
From your regular user account:
Download Atribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to the desktop.
DO NOT run yet.
Open SUPER from the icon, install it and Update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press Enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use the Firefox or Opera browser, click that browser at the top and choose: Select All.
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open it from the desktop icon or the Program Files list.
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After the scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions, post the log and let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 psypher


Posted 09 April 2009 - 02:57 PM

Hi boopme,
Thanks for the detailed reply. I will do all that you suggested and post the logs as soon as I'm done.

#4 boopme


Posted 09 April 2009 - 03:39 PM

You're welcome, I'll wait for your logs.

#5 psypher


Posted 10 April 2009 - 07:46 PM

Hi boopme,
I completed all the steps.

1) Here is the log from malwarebytes after it finished removing selected and before it rebooted:

***********************************************************
Malwarebytes' Anti-Malware 1.36
Database version: 1963
Windows 5.1.2600 Service Pack 3

4/10/2009 4:51:52 PM
mbam-log-2009-04-10 (16-51-52).txt

Scan type: Quick Scan
Objects scanned: 102154
Time elapsed: 15 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 5
Registry Values Infected: 4
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 19

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\jisolali.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\zedozugu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\zinowile.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\Documents and Settings\All Users\Application Data\lamenera\lamenera.dll (Trojan.BHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8fbae4b3-9ba3-4f6e-baaf-29e895b259c0} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{8fbae4b3-9ba3-4f6e-baaf-29e895b259c0} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8fbae4b3-9ba3-4f6e-baaf-29e895b259c0} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\galodadela (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpme3534964 (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\jisolali.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\jisolali.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: c:\docume~1\alluse~1\applic~1\lamenera\lamenera.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\zedozugu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\zinowile.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jisolali.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\Documents and Settings\All Users\Application Data\lamenera\lamenera.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\fawaputu.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kobemama.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pawukiwu.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\poveyawi.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sivipiga.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bofofevu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gamosiwo.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lasefoye.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\votoselu.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jetebusu.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zotemiso.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gelarijo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mezutilo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nefaneji.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\biheseya.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
*******************************************************************************************************

2) Here is the log from the superantispyware scan:
***********************************************************
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/10/2009 at 08:10 PM

Application Version : 4.26.1000

Core Rules Database Version : 3838
Trace Rules Database Version: 1794

Scan type : Complete Scan
Total Scan Time : 01:58:25

Memory items scanned : 188
Memory threats detected : 0
Registry items scanned : 7246
Registry threats detected : 2
File items scanned : 213509
File threats detected : 19

Rootkit.TDSServ
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDSSserv.sys

Adware.Vundo/Variant-81K
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\DEGEJIBA\DEGEJIBA.DLL

Adware.Vundo/Variant
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\TOPAPOPE\TOPAPOPE.DLL
C:\WINDOWS\SYSTEM32\DONOJAWI.DLL
C:\WINDOWS\SYSTEM32\SIDUVUNI.DLL
C:\WINDOWS\SYSTEM32\SUBABALA.DLL

Adware.Vundo/Variant-Empia
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\VAWUPOMI\VAWUPOMI.DLL
C:\WINDOWS\SYSTEM32\FIZEVISI.DLL
C:\WINDOWS\SYSTEM32\LISIFINA.DLL
C:\WINDOWS\SYSTEM32\WIZEJIMI.DLL

Adware.Vundo/Variant-ICQ
C:\WINDOWS\SYSTEM32\BOMEJONU.DLL
C:\WINDOWS\SYSTEM32\MIRAWIZE.DLL
C:\WINDOWS\SYSTEM32\ROYOMUYA.DLL
C:\WINDOWS\SYSTEM32\ZELADUGU.DLL

Adware.Vundo/Variant-50
C:\WINDOWS\SYSTEM32\FOBUNAYI.DLL

Adware.Vundo/Variant-EC
C:\WINDOWS\SYSTEM32\LINANOTU.DLL
C:\WINDOWS\SYSTEM32\RONIHUNI.DLL
C:\WINDOWS\SYSTEM32\YIFIROSO.DLL

Adware.Vundo/Variant-Flash
C:\WINDOWS\SYSTEM32\LUYEMITU.DLL

Adware.Vundo/Variant-81x
C:\WINDOWS\SYSTEM32\TEJONUBO.DLL

***********************************************************

I am posting this right after rebooting and retrieving the SUPER log after all the steps were done. So I didn't get a chance to evaluate any improvements yet, but there were no pop-ups while I was posting this.
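Added example (not code from the thread, from Malwarebytes or from any tool named here): a parser for the MBAM 1.36 log format posted above that groups each detection by the persistence location it touches and separates the items still marked "Delete on reboot", which a rescan run before rebooting will report again. The sample log is a constructed excerpt of the entries in this post.

```python
"""Group Malwarebytes' Anti-Malware 1.36 log detections by persistence
mechanism and list the ones still pending a reboot."""
import re
from collections import Counter

# Constructed excerpt in the format of the MBAM logs posted in this thread;
# the paths and detection names are taken from the log above.
SAMPLE_MBAM_LOG = """\
Memory Modules Infected:
C:\\WINDOWS\\system32\\jisolali.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{8fbae4b3-9ba3-4f6e-baaf-29e895b259c0} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\galodadela (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad\\ssodl (Trojan.BHO) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\\windows\\system32\\jisolali.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\LSA\\Notification Packages (Trojan.Vundo.H) -> Data: c:\\windows\\system32\\jisolali.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
C:\\WINDOWS\\system32\\jisolali.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\\WINDOWS\\system32\\fawaputu.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
"""

# Registry locations the posted logs show Vundo using, with what each means
# to a defender. Matched case-insensitively as substrings; first hit wins.
MECHANISMS = [
    ("\\appinit_dlls", "AppInit_DLLs: DLL loaded into every process that loads user32.dll"),
    ("\\notification packages", "LSA Notification Packages: DLL loaded by lsass.exe at boot"),
    ("\\browser helper objects\\", "Browser Helper Object: DLL loaded by Internet Explorer"),
    ("\\shellserviceobjectdelayload\\", "SSODL: COM object loaded by explorer.exe at logon"),
    ("\\sharedtaskscheduler\\", "SharedTaskScheduler: COM object loaded by explorer.exe"),
    ("\\currentversion\\run\\", "Run key: program started at every logon"),
    ("\\security center\\", "Security Center tampering: update/AV warnings silenced"),
    ("\\clsid\\", "CLSID registration backing a BHO or shell object"),
]

LINE_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")


def classify(section, item):
    """Name the persistence mechanism behind one detection."""
    if section.startswith("Memory Modules"):
        return "loaded DLL: in use, so MBAM can only delete it on reboot"
    if section.startswith("Memory Processes"):
        return "running process"
    if section.startswith(("Files", "Folders")):
        return "file on disk"
    low = item.lower()
    for needle, meaning in MECHANISMS:
        if needle in low:
            return meaning
    return "registry (unclassified)"


def parse_mbam_log(text):
    """Return one dict per detection line with section, item, family, data
    (the "Data:" payload of a registry data item, if any), action and
    mechanism. Summary counts and "(No malicious items detected)" are skipped."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("(No malicious"):
            continue
        if line.endswith("Infected:"):
            section = line[:-1]
            continue
        m = LINE_RE.match(line)
        if m is None or section is None:
            continue
        parts = m.group("rest").split(" -> ")
        payload = [p[6:] if p.startswith("Data: ") else p for p in parts[:-1]]
        entries.append({
            "section": section,
            "item": m.group("item"),
            "family": m.group("family"),
            "data": " ".join(payload) or None,
            "action": parts[-1],
            "mechanism": classify(section, m.group("item")),
        })
    return entries


def pending_reboot(entries):
    """Detections MBAM could not remove while the module was loaded; until
    the machine is rebooted a fresh scan reports them again."""
    return [e for e in entries if e["action"].startswith("Delete on reboot")]


def mechanism_counts(entries):
    """How many detections hit each persistence mechanism."""
    return Counter(e["mechanism"] for e in entries)


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_MBAM_LOG)
    for mech, n in mechanism_counts(found).most_common():
        print(f"{n:2d}  {mech}")
    print(f"{len(pending_reboot(found))} item(s) still waiting for a reboot")
```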

#6 psypher


Posted 10 April 2009 - 08:49 PM

Hi boopme,

No more pop-ups so far since I posted the logs an hour back. I've also just run the malwarebytes one more time to see how many it will find after SUPERAntiSpyware had a chance to clean up. It detected far fewer this time, and I clicked the button to remove them. I thought I should post the new malwarebytes log also in case it may save you some diagnosis time:

**********************************
Malwarebytes' Anti-Malware 1.36
Database version: 1963
Windows 5.1.2600 Service Pack 3

4/10/2009 9:39:24 PM
mbam-log-2009-04-10 (21-39-18).txt

Scan type: Quick Scan
Objects scanned: 69153
Time elapsed: 4 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhc96uj0e17g (Rogue.AntivirusXP2008) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

**********************************

#7 boopme


Posted 10 April 2009 - 09:12 PM

Hi, this looks good, but because of one of the findings I would still like to run SDFix.
Please print out and follow these instructions: "How to use SDFix". <- This program is for Windows 2000/XP ONLY.
When using this tool, you must use the Administrator's account or an account with "Administrative rights".
  • Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.
  • When done, the SDFix report log will open in Notepad and automatically be saved in the SDFix folder as Report.txt.
  • If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
  • Please copy and paste the contents of Report.txt in your next reply.
  • Be sure to re-enable your anti-virus and other security programs before connecting to the Internet.
-- If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the Context menu. Then reboot to apply the changes.

#8 psypher


Posted 14 April 2009 - 11:08 AM

Hi Boopme,
I downloaded SDFix and ran the batch file in safe mode, but the first screen with the options list is different from the one given on the SDFix instructions page.

I uploaded an image of the list of options SDFix gave me instead of the Y, A and N given in the instructions, and here's the link to the image

Since I didn't know which option was the equivalent of "Y", I chose to do the "A: Create System Report" option. It ran a scan and saved a SystemReport.txt to the SDFix folder, but I am not sure if that is the report you wanted me to post.

Please let me know if one of the other options is the right one, and which report to post here. Thanks.

#9 boopme


Posted 14 April 2009 - 06:59 PM

Ok, that was an odd display and I am looking at it. You made a good choice. Please post the log.

#10 psypher


Posted 14 April 2009 - 09:04 PM

Thanks. Here is the log:

System Report
*************

Run on Tue 04/14/2009 at 09:44 AM

Microsoft Windows XP [Version 5.1.2600]

Current user is an administrator

Running Processes:

\SystemRoot\System32\smss.exe [796]
\??\C:\WINDOWS\system32\csrss.exe [872]
\??\C:\WINDOWS\system32\winlogon.exe [896]
C:\WINDOWS\system32\services.exe [940]
C:\WINDOWS\system32\lsass.exe [952]
C:\WINDOWS\system32\svchost.exe [1108]
C:\WINDOWS\system32\svchost.exe [1164]
C:\WINDOWS\Explorer.EXE [1488]




Files Created/Modified - 60 Days:


C:\

Apr 14 2009 9:33:30a 526,897,152 A.SH. "C:\hiberfil.sys"
Apr 14 2009 9:33:28a 792,723,456 A.SH. "C:\pagefile.sys"


C:\WINDOWS\

Apr 14 2009 9:33:30a 2,048 A.S.. "C:\WINDOWS\bootstat.dat"
Mar 22 2009 8:46:10a 314,768 A.... "C:\WINDOWS\system32\FNTCACHE.DAT"
Mar 8 2009 12:58:06p 92,834 A.... "C:\WINDOWS\system32\perfc009.dat"
Mar 8 2009 12:58:06p 483,746 A.... "C:\WINDOWS\system32\perfh009.dat"
Apr 14 2009 9:32:24a 6 A..H. "C:\WINDOWS\Tasks\SA.DAT"
Apr 14 2009 9:43:32a 73 A.... "C:\WINDOWS\Temp\scs4.tmp"
Apr 6 2009 3:32:46p 15,504 A.... "C:\WINDOWS\system32\drivers\mbam.sys"
Apr 6 2009 3:32:54p 38,496 A.... "C:\WINDOWS\system32\drivers\mbamswissarmy.sys"


C:\Program Files\

Feb 23 2009 11:48:44p 64,942 A.... "C:\Program Files\ImageJ\unins000.dat"
Feb 23 2009 11:47:10p 695,578 A.... "C:\Program Files\ImageJ\unins000.exe"
Mar 26 2009 4:49:46p 73,360 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll"
Apr 6 2009 3:32:44p 1,277,584 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
Apr 6 2009 3:32:48p 401,040 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe"
Apr 6 2009 3:32:48p 179,856 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe"
Apr 10 2009 4:05:20p 23,280 A.... "C:\Program Files\Malwarebytes' Anti-Malware\unins000.dat"
Apr 10 2009 4:05:04p 690,832 A.... "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Apr 6 2009 3:32:50p 77,968 A.... "C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll"
Mar 21 2009 2:42:52p 17,400 A.... "C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll"
Mar 21 2009 2:43:14p 185,848 A.... "C:\Program Files\Mozilla Firefox\crashreporter.exe"
Mar 21 2009 2:43:18p 307,704 A.... "C:\Program Files\Mozilla Firefox\firefox.exe"
Mar 21 2009 2:43:18p 233,472 A.... "C:\Program Files\Mozilla Firefox\freebl3.dll"
Mar 21 2009 2:43:18p 695,288 A.... "C:\Program Files\Mozilla Firefox\js3250.dll"
Mar 21 2009 2:43:20p 710,136 A.... "C:\Program Files\Mozilla Firefox\mozcrt19.dll"
Mar 21 2009 2:43:20p 198,136 A.... "C:\Program Files\Mozilla Firefox\nspr4.dll"
Mar 21 2009 2:43:22p 718,328 A.... "C:\Program Files\Mozilla Firefox\nss3.dll"
Mar 21 2009 2:43:22p 292,344 A.... "C:\Program Files\Mozilla Firefox\nssckbi.dll"
Mar 21 2009 2:43:22p 103,928 A.... "C:\Program Files\Mozilla Firefox\nssdbm3.dll"
Mar 21 2009 2:43:24p 87,544 A.... "C:\Program Files\Mozilla Firefox\nssutil3.dll"
Mar 21 2009 2:43:24p 20,472 A.... "C:\Program Files\Mozilla Firefox\plc4.dll"
Mar 21 2009 2:43:24p 17,400 A.... "C:\Program Files\Mozilla Firefox\plds4.dll"
Mar 21 2009 2:43:30p 103,928 A.... "C:\Program Files\Mozilla Firefox\smime3.dll"
Mar 21 2009 2:43:32p 151,552 A.... "C:\Program Files\Mozilla Firefox\softokn3.dll"
Mar 21 2009 2:43:32p 395,768 A.... "C:\Program Files\Mozilla Firefox\sqlite3.dll"
Mar 21 2009 2:43:32p 136,696 A.... "C:\Program Files\Mozilla Firefox\ssl3.dll"
Mar 21 2009 2:43:32p 242,168 A.... "C:\Program Files\Mozilla Firefox\updater.exe"
Mar 21 2009 2:43:34p 17,912 A.... "C:\Program Files\Mozilla Firefox\xpcom.dll"
Mar 21 2009 2:43:40p 9,744,376 A.... "C:\Program Files\Mozilla Firefox\xul.dll"
Mar 23 2009 2:07:26p 9,968 A.... "C:\Program Files\SUPERAntiSpyware\sasdifsv.sys"
Mar 23 2009 2:07:28p 7,408 A...R "C:\Program Files\SUPERAntiSpyware\SASENUM.SYS"
Mar 23 2009 2:07:26p 72,944 A.... "C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS"
Mar 23 2009 2:07:22p 158,960 A.... "C:\Program Files\SUPERAntiSpyware\SSUpdate.exe"
Mar 23 2009 2:07:24p 1,830,128 A.... "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
Mar 21 2009 2:43:02p 23,032 A.... "C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll"
Mar 21 2009 2:43:04p 134,648 A.... "C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll"
Mar 21 2009 2:43:24p 65,528 A.... "C:\Program Files\Mozilla Firefox\plugins\npnul32.dll"
Mar 21 2009 2:43:28p 117 A.... "C:\Program Files\Mozilla Firefox\res\hiddenWindow.html"
Mar 21 2009 2:43:32p 509,536 A.... "C:\Program Files\Mozilla Firefox\uninstall\helper.exe"
Mar 21 2009 12:23:22p 1,550,337 A.... "C:\Program Files\Yahoo! Games\Ranch Rush\RanchRush.exe"
Mar 16 2009 7:50:00p 154,077 ...H. "C:\Program Files\Yahoo! Games\Ranch Rush\Uninstall.exe"
Mar 21 2009 2:43:16p 7,139 A.... "C:\Program Files\Mozilla Firefox\defaults\profile\bookmarks.html"


Files with hidden attributes:

Sat 1 Dec 2007 6,219,320 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Fri 23 Jun 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 16 Mar 2009 154,077 ...H. --- "C:\Program Files\Yahoo! Games\Ranch Rush\Uninstall.exe"
Wed 1 Apr 2009 61,440 A.SH. --- "C:\Documents and Settings\All Users\Application Data\feyavezi\feyavezi.exe"
Fri 10 Apr 2009 64,512 A.SH. --- "C:\Documents and Settings\All Users\Application Data\lovuliru\lovuliru.exe"
Thu 9 Apr 2009 61,440 A.SH. --- "C:\Documents and Settings\All Users\Application Data\rebarali\rebarali.exe"
Sun 29 Mar 2009 61,440 A.SH. --- "C:\Documents and Settings\All Users\Application Data\royotago\royotago.exe"
Thu 2 Apr 2009 61,440 A.SH. --- "C:\Documents and Settings\All Users\Application Data\vovugesi\vovugesi.exe"
--- 48,640 A.SH. --- "C:\Documents and Settings\All Users\Application Data\wawunego\wawunego.dll.tmp"
Sat 4 Apr 2009 61,440 A.SH. --- "C:\Documents and Settings\All Users\Application Data\zuyijuli\zuyijuli.exe"
Sun 26 Nov 2006 2,990,080 A..H. --- "C:\Documents and Settings\Owner\My Documents\Dissertation\~WRL3930.tmp"
Wed 16 Apr 2008 24,064 ...H. --- "C:\Documents and Settings\Owner\My Documents\food intake\~WRL0236.tmp"
Wed 16 Apr 2008 24,064 ...H. --- "C:\Documents and Settings\Owner\My Documents\food intake\~WRL1803.tmp"
Mon 13 Nov 2006 319,456 A..H. --- "C:\Program Files\Common Files\Motorola Shared\MotPCSDrivers\difxapi.dll"
Sat 23 Aug 2008 260,784 ...HR --- "C:\WINDOWS\system32\drivers\etc\Hosts.bak"




Run Values:

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


Bot Check:

SERVICE_NAME: wscsvc
DISPLAY_NAME : Security Center
START_TYPE : 4 DISABLED

SERVICE_NAME: sharedaccess
DISPLAY_NAME : Windows Firewall/Internet Connection Sharing (ICS)
START_TYPE : 4 DISABLED

SERVICE_NAME: wuauserv
DISPLAY_NAME : Automatic Updates
START_TYPE : 4 DISABLED

SERVICE_NAME: srservice
DISPLAY_NAME : System Restore Service
START_TYPE : 4 DISABLED

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="Y"
"EnableRemoteConnect"="Y"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"AUOptions"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify"=dword:00000000
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"WaitToKillServiceTimeout"="20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"SFCDisable"=dword:00000000
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions]



[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]
"TransportBindName"="\\Device\\"


ShellExecuteHooks:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""



Environment:


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\environment
ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
NLSPATH REG_SZ c:\tuxedo\locale\c
OS REG_SZ Windows_NT
Path REG_EXPAND_SZ C:\oracle8i\ora81\bin;C:\oracle8i\ora81\Apache\Perl\5.00503\bin\mswin32-x86;C:\Program Files\Oracle\jre\1.1.7\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager\IM;C:\Program Files\Microsoft Office\OFFICE11\Business Contact Manager\;C:\tuxedo\bin;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\DLLShared
PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
TEMP REG_EXPAND_SZ %SystemRoot%\TEMP
TMP REG_EXPAND_SZ %SystemRoot%\TEMP
TUXDIR REG_EXPAND_SZ C:\tuxedo
windir REG_EXPAND_SZ %SystemRoot%
WV_GATEWAY_CFG REG_EXPAND_SZ C:\oracle8i\ora81\Apache\modplsql\cfg\wdbsvr.app
CLASSPATH REG_SZ .;C:\Program Files\Java\jre1.5.0\lib\ext\QTJava.zip
QTJAVA REG_SZ C:\Program Files\Java\jre1.5.0\lib\ext\QTJava.zip
PS5ROOT REG_SZ C:\Program Files\Roxio\Easy CD Creator 6\PhotoSuite\

SecurityProviders:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Authentication Packages:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0


Subsystem Startup:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"


Midi Drivers:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midi"="wdmaud.drv"
"midi1"="wdmaud.drv"
"midi2"="wdmaud.drv"


Non-Default IFEO Debugger:


Non-Default Installed Components:


Non-Default Safeboot Minimal:


File Associations:


[HKEY_CLASSES_ROOT\batfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\cmdfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\htafile\shell\open\command]
@="C:\\WINDOWS\\system32\\mshta.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\http\shell\open\command]
@="\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -requestPending -osint -url \"%1\""

[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\" -nohome"

[HKEY_CLASSES_ROOT\regedit\shell\open\command]
@="regedit.exe %1"

[HKEY_CLASSES_ROOT\regfile\shell\open\command]
@="regedit.exe \"%1\""

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" /S"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="%SystemRoot%\system32\NOTEPAD.EXE %1"


Finished!

#11 boopme

boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,566 posts
  • Gender:Male
  • Location:NJ USA

Posted 14 April 2009 - 11:03 PM

Hi, you look good. Please run MBAM once more and tell me how the PC is running now.
Rerun MBAM

Open MBAM in normal mode and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select Quick scan and scan.
After the scan click Remove Selected, post the new scan log and reboot into normal mode.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#12 psypher

psypher
  • Topic Starter
  • Members
  • 16 posts

Posted 16 April 2009 - 08:45 AM

Hi boopme,

Here is the MBAM log.

Malwarebytes' Anti-Malware 1.36
Database version: 1963
Windows 5.1.2600 Service Pack 3

4/15/2009 7:59:18 PM
mbam-log-2009-04-15 (19-59-10).txt

Scan type: Quick Scan
Objects scanned: 73652
Time elapsed: 7 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhc96uj0e17g (Rogue.AntivirusXP2008) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#13 boopme

boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,566 posts
  • Gender:Male
  • Location:NJ USA

Posted 16 April 2009 - 03:17 PM

Wow, you had a year-old one in there. Please rescan; MBAM needs an update. Did you click Remove Selected?

Rerun MBAM

Open MBAM in normal mode and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select Quick scan and scan.
After the scan click Remove Selected, post the new scan log and reboot into normal mode.