
HELP! "Trojan-Keylogger.WIN32.Fung "


  • This topic is locked
33 replies to this topic

#1 stang976

stang976

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:06:30 PM

Posted 03 June 2009 - 03:38 PM

I deleted all related files through Malwarebytes Anti-Malware, but my computer is STILL infected. Also, every time I try to open Internet Explorer for the past year, shady programs get downloaded onto my PC without my authorization. I switched to Firefox but need IE for work. PLEASE PLEASE PLEASE help me fix this!

Here is my log:

DDS (Ver_09-05-14.01) - NTFSx86
Run by t-money at 16:29:18.73 on Wed 06/03/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.99 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlbtcoms.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Real Estate Tool Belt\RealEstateToolBelt - Mortgage Calculator\MortgageCalculator.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\t-money\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: : {1a7f9b45-4a7e-46dc-a73e-b41828987a98} - c:\program files\windows media player\mevohusec58441.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Megaupload Toolbar: {4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} - c:\progra~1\megaup~1\MEGAUP~1.DLL
BHO: {58472bc6-bea3-42d4-8917-7a8bcb0711b5} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: {c12c431d-a0f8-897c-dd7c-fdadaee47492} - c:\windows\system32\fzy.dll
BHO: {c37d4912-f5f8-da26-d97c-fdadaee470c7} - c:\windows\system32\omgd.dll
BHO: {c9781e18-a1ab-db28-8c7c-fdadaee473c2} - c:\windows\system32\bduqz.dll
BHO: : {deae5349-abd5-4551-8911-0c86d3e6b7cd} - c:\program files\windows media player\mevohusec.dll
{f58ff278-2198-403b-9170-c95022a194c6}
TB: Megaupload Toolbar: {4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} - c:\progra~1\megaup~1\MEGAUP~1.DLL
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [04b7d935c801d3c818c397e9e7e0fa66.30] c:\windows\system32\rundll32.exe "c:\windows\system32\04b7d935c801d3c818c397e9e7e0fa66.30.dll", start2 aff_id=2973=wm_id=0
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PRONoMgrWired] c:\program files\intel\prosetwired\ncs\proset\PRONoMgr.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [UDC Integration]
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [04b7d935c801d3c818c397e9e7e0fa66.30] c:\windows\system32\rundll32.exe "c:\windows\system32\04b7d935c801d3c818c397e9e7e0fa66.30.dll", start2 aff_id=2973=wm_id=0
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\t-money\startm~1\programs\startup\04b7d9~1.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\t-money\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\04b7d9~1.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\reales~1.lnk - c:\windows\installer\{b92cd5cd-42db-4f01-9af8-480fd86aa1ae}\_4d064db7.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: amaena.com
Trusted Zone: imageservr.com
Trusted Zone: imageservr.com\locator.cdn
Trusted Zone: winfixer.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\puresp3.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: awtqq - awtqq.dll
Notify: byxwtqq - byxwtqq.dll
Notify: igfxcui - igfxdev.dll
Notify: vtsqo - c:\windows\system32\vtsqo.dll
AppInit_DLLs: nslookup.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\t-money\applic~1\mozilla\firefox\profiles\e2tbdrk1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbarff\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\t-money\application data\mozilla\firefox\profiles\e2tbdrk1.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2007-6-20 3968]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-30 325896]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-30 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-30 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-30 298776]
S2 DP1112;DP1112;\??\c:\windows\system32\drivers\dp.sys --> c:\windows\system32\drivers\DP.sys [?]

=============== Created Last 30 ================

2009-06-03 14:53 <DIR> --d----- c:\program files\Zango
2009-06-03 14:53 <DIR> --d----- c:\program files\MyWebSearch
2009-06-03 14:53 <DIR> --d----- c:\program files\Antispyware 2008
2009-05-30 13:45 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-05-30 13:34 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-30 13:34 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-30 13:34 325,896 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-30 13:33 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-05-30 13:33 <DIR> --d----- c:\docume~1\t-money\applic~1\AVGTOOLBAR
2009-05-30 13:32 <DIR> --d----- c:\program files\AVG
2009-05-30 13:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-05-30 13:27 65,103,168 a------- c:\program files\avg_free_stf_en_85_339a1525.exe
2009-05-29 14:43 <DIR> --d----- c:\program files\wink
2009-05-29 14:43 <DIR> --d----- c:\program files\WildTangent
2009-05-29 14:43 <DIR> --d----- c:\program files\webrebates4
2009-05-29 14:43 <DIR> --d----- c:\program files\Topsearch
2009-05-29 14:43 <DIR> --d----- c:\program files\System Files
2009-05-29 14:43 <DIR> --d----- c:\program files\SpywareQuake
2009-05-29 14:43 <DIR> --d----- c:\program files\SPYSPOTTER3
2009-05-29 14:43 <DIR> --d----- c:\program files\SPYSPOTTER
2009-05-29 14:43 <DIR> --d----- c:\program files\SpyFalcon
2009-05-29 14:43 <DIR> --d----- c:\program files\RapidBlaster
2009-05-29 14:43 <DIR> --d----- c:\program files\navisearch
2009-05-29 14:43 <DIR> --d----- c:\program files\mrea
2009-05-29 14:43 <DIR> --d----- c:\program files\MediaPipe
2009-05-29 14:43 <DIR> --d----- c:\program files\Kontiki
2009-05-29 14:43 <DIR> --d----- c:\program files\ItBill
2009-05-29 14:43 <DIR> --d----- c:\program files\casinoonline
2009-05-29 14:43 <DIR> --d----- c:\program files\BackWeb
2009-05-29 14:43 <DIR> --d----- c:\program files\apsi
2009-05-29 14:43 67,584 a------- c:\windows\system32\04b7d935c801d3c818c397e9e7e0fa66.30.dll
2009-05-29 14:38 <DIR> --d----- c:\program files\MeridianLink
2009-05-28 21:04 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-05-28 21:04 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-05-28 21:04 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-05-28 15:13 <DIR> --d----- c:\windows\system32\scripting
2009-05-28 15:12 <DIR> --d----- c:\windows\l2schemas
2009-05-28 15:12 <DIR> --d----- c:\windows\system32\en
2009-05-28 15:12 <DIR> --d----- c:\windows\system32\bits
2009-05-28 15:09 <DIR> --d----- c:\windows\ServicePackFiles
2009-05-28 15:01 <DIR> --d----- c:\windows\EHome
2009-05-28 14:55 <DIR> --dsh--- c:\documents and settings\t-money\IECompatCache
2009-05-28 14:54 <DIR> --dsh--- c:\documents and settings\t-money\PrivacIE
2009-05-28 14:52 <DIR> --dsh--- c:\documents and settings\t-money\IETldCache
2009-05-28 14:31 <DIR> -cd-h--- c:\windows\ie8

==================== Find3M ====================

2009-05-28 15:17 78,295 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-27 11:31 4,704 ac-sh--- c:\windows\system32\KGyGaAvL.sys
2009-04-18 14:33 1,878,888 a------- c:\program files\install_flash_player.exe
2009-03-21 10:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-10 19:15 43,088 a---h--- c:\windows\system32\mlfcache.dat
2009-03-08 14:09 638,816 a------- c:\windows\system32\dllcache\iexplore.exe
2009-03-08 14:09 391,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 04:41 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll
2009-03-08 04:39 11,063,808 a------- c:\windows\system32\dllcache\ieframe.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\dllcache\wininet.dll
2009-03-08 04:34 1,206,784 a------- c:\windows\system32\dllcache\urlmon.dll
2009-03-08 04:34 236,544 a------- c:\windows\system32\dllcache\webcheck.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 04:34 105,984 a------- c:\windows\system32\dllcache\url.dll
2009-03-08 04:34 193,536 a------- c:\windows\system32\dllcache\msrating.dll
2009-03-08 04:34 109,568 a------- c:\windows\system32\dllcache\occache.dll
2009-03-08 04:33 759,296 a------- c:\windows\system32\dllcache\VGX.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\dllcache\corpol.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 04:33 726,528 a------- c:\windows\system32\dllcache\jscript.dll
2009-03-08 04:33 229,376 a------- c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\dllcache\vbscript.dll
2009-03-08 04:33 125,952 a------- c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\dllcache\admparse.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 04:32 163,840 a------- c:\windows\system32\dllcache\ieakui.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\dllcache\iesetup.dll
2009-03-08 04:32 55,808 a------- c:\windows\system32\dllcache\iernonce.dll
2009-03-08 04:32 128,512 a------- c:\windows\system32\dllcache\advpack.dll
2009-03-08 04:32 94,720 a------- c:\windows\system32\dllcache\inseng.dll
2009-03-08 04:32 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 04:32 1,985,024 a------- c:\windows\system32\dllcache\iertutil.dll
2009-03-08 04:32 611,840 a------- c:\windows\system32\dllcache\mstime.dll
2009-03-08 04:24 68,608 a------- c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-08 04:22 156,160 a------- c:\windows\system32\dllcache\msls31.dll
2009-03-08 04:11 445,952 a------- c:\windows\system32\dllcache\ieapfltr.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-06 10:22 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2008-07-22 19:51 60,744 ac------ c:\documents and settings\t-money\g2mdlhlpx.exe
2008-07-09 16:28 48,367,896 a------- c:\program files\avg_free_stf_en_8_138a1332.exe
2008-03-25 12:45 1,206,048 a------- c:\program files\paintnt.exe
2008-03-12 16:36 1,202,152 a------- c:\program files\toolbar.exe
2008-03-09 23:20 87,608 a------- c:\docume~1\t-money\applic~1\inst.exe
2008-03-09 23:20 47,360 a------- c:\docume~1\t-money\applic~1\pcouffin.sys
2008-03-06 02:16 882,489 a------- c:\program files\pg2-050918-nt.exe
2008-02-26 22:56 439,296 a------- c:\documents and settings\t-money\GoToAssist_phone__317_en.exe
2007-10-15 18:44 6,074,888 a------- c:\program files\Doc Converter.exe
2007-10-02 11:34 15,505,200 ac------ c:\program files\IE7-WindowsXP-x86-enu.exe
2006-06-16 17:57 3,510 ac------ c:\program files\[isoHunt] LimeWire 4[1].10.9 Pro.zip.torrent
2006-06-16 17:55 2,840,440 ac------ c:\program files\LimeWireWin-full.exe
2006-01-17 14:16 630 a------- c:\program files\MagicISO.lnk
2005-12-29 20:19 5,027,808 ac------ c:\program files\BitTorrent-4.2.2.exe
1997-05-16 09:18 3,243 a------- c:\program files\README.TXT
1997-05-16 08:52 32,528 a------- c:\program files\OLEPRO32.DLL
1997-05-16 08:52 271,632 a------- c:\program files\MSVCRT.DLL
1997-05-16 08:52 939,792 a------- c:\program files\MFC42U.DLL
1997-05-16 08:52 941,840 a------- c:\program files\MFC42.DLL
1997-05-16 08:52 330,512 a------- c:\program files\MSPAINT.EXE
2007-06-18 21:29 1,808,184 ---sh--- c:\windows\system32\ddeeg.bak2
2006-08-16 15:24 1,342,625 -c-sh--- c:\windows\system32\oqstv.bak2
2006-08-18 00:44 1,697 -c-sh--- c:\windows\system32\oqstv.ini2

============= FINISH: 16:30:52.35 ===============



#2 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:03:30 PM

Posted 04 June 2009 - 11:13 PM

Hello stang976,


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 14.
  • Click the "Download" button to the right.
  • At the Select Platform and Language for your download drop down box
    Select Windows and Multi-language
  • Check the box that says: "Accept License Agreement" then press Continue ( Selecting Windows will give you the 32 bit version. )
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6u13-windows-i586-p.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    J2SE Runtime Environment 5.0 Update 3
    J2SE Runtime Environment 5.0 Update 6
    Java 2 Runtime Environment, SE v1.4.2_03
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.
Post the last Malwarebytes log so I can see what it is finding.

Edited by SifuMike, 04 June 2009 - 11:14 PM.
typo

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 stang976


Posted 05 June 2009 - 02:43 PM

Hey, thanks a million for your help on this. I will DEFINITELY donate if you can solve my infected PC. I did everything you said (deleted all Java, rebooted, installed new Java, and did a full scan with Malwarebytes). The viruses that were detected are the same as they've always been; every time I quarantine or delete at the end they come right back when I restart! Also I have a fake Windows shield icon in my system tray that never disappears. Here is the log:

Malwarebytes' Anti-Malware 1.35
Database version: 1917
Windows 5.1.2600 Service Pack 3

6/5/2009 3:11:20 PM
mbam-log-2009-06-05 (15-11-09).txt

Scan type: Full Scan (C:\|)
Objects scanned: 185814
Time elapsed: 1 hour(s), 45 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 25
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{f58ff278-2198-403b-9170-c95022a194c6} (Rogue.AntiSpyCheck) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e1fab6bd-4a34-47ce-82af-50b16a6be77e} (Rogue.AntiSpyCheck) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{5aa883db-7cfd-4737-b3c3-c671595ecce5} (Rogue.AntiSpyCheck) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f58ff278-2198-403b-9170-c95022a194c6} (Rogue.AntiSpyCheck) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f58ff278-2198-403b-9170-c95022a194c6} (Rogue.AntiSpyCheck) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\AntivirusXP (Rogue.AntivirusXP) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\sysguard (Rogue.SysGuard) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Doctor Adware Pro (Rogue.DoctorAdwarePro) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\RealAV (Rogue.RealAV) -> No action taken.
HKEY_CLASSES_ROOT\threatwarning.warningbho (Rogue.AntiSpyCheck) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\antispycheck 2.1 (Rogue.AntiSpyCheck) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\asc 2.1 (Rogue.AntiSpyCheck) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\asc 2.1 (Rogue.AntiSpyCheck) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ASpyC (Rogue.AntiSpyCheck) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ASpyC (Rogue.AntiSpyCheck) -> No action taken.
HKEY_CLASSES_ROOT\spywarning.warningbho (Rogue.AntiSpyCheck) -> No action taken.
HKEY_CLASSES_ROOT\spywarning.warningbho.1 (Rogue.AntiSpyCheck) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASpyC (Rogue.AntiSpyCheck) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\antispycheck 2.1.exe (Rogue.AntiSpyCheck) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\antispycheck (Rogue.AntiSpyCheck) -> No action taken.
HKEY_CLASSES_ROOT\smwin32.mdr (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\VirRL2009 (Rogue.AntiVirusLab) -> No action taken.
HKEY_CLASSES_ROOT\AppID\ad-protect.EXE (Rogue.ContraVirus) -> No action taken.
HKEY_CLASSES_ROOT\AppID\spamdet.DLL (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Solt Lake Software (Rogue.ProAntispyware2009) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Zango (Adware.180Solutions) -> No action taken.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> No action taken.
C:\Program Files\Antispyware 2008 (Rogue.Antispyware) -> No action taken.

Files Infected:
(No malicious items detected)





Hello stang976,


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:

  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 14.
  • Click the "Download" button to the right.
  • At the Select Platform and Language for your download drop down box
    Select Windows and Multi-language
  • Check the box that says: "Accept License Agreement" then press Continue ( Selecting Windows will give you the 32 bit version. )
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6u13-windows-i586-p.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:
    J2SE Runtime Environment 5.0 Update 3
    J2SE Runtime Environment 5.0 Update 6
    Java 2 Runtime Environment, SE v1.4.2_03
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.
Post the last Malwarebytes log so I can see what it is finding.



#4 SifuMike


Posted 05 June 2009 - 02:54 PM

Hi stang976,

Malwarebytes' Anti-Malware 1.35



You need to update Malwarebytes. The latest version is Malwarebytes' Anti-Malware 1.37, Database version: 2232

After you update it, then run it again and post a fresh Malwarebytes log, along with a HijackThis log.

Please don't put my replies in a quote box as that makes the posts too long.

Edited by SifuMike, 05 June 2009 - 03:00 PM.
typo


#5 stang976


Posted 06 June 2009 - 12:21 AM

OK, I'm back, upgraded Malwarebytes, this time it found a lot more infections. Here's the log:

Malwarebytes' Anti-Malware 1.37
Database version: 2182
Windows 5.1.2600 Service Pack 3

6/6/2009 1:01:37 AM
mbam-log-2009-06-06 (01-01-26).txt

Scan type: Full Scan (C:\|)
Objects scanned: 198035
Time elapsed: 1 hour(s), 26 minute(s), 49 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 29
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 20

Memory Processes Infected:
C:\Program Files\SpyNoMore\SNM.exe (Rogue.SpyNoMore) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{f58ff278-2198-403b-9170-c95022a194c6} (Rogue.AntiSpyCheck) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e1fab6bd-4a34-47ce-82af-50b16a6be77e} (Rogue.AntiSpyCheck) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{5aa883db-7cfd-4737-b3c3-c671595ecce5} (Rogue.AntiSpyCheck) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f58ff278-2198-403b-9170-c95022a194c6} (Rogue.AntiSpyCheck) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f58ff278-2198-403b-9170-c95022a194c6} (Rogue.AntiSpyCheck) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\spynomore (Rogue.SpyNoMore) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\AntivirusXP (Rogue.AntivirusXP) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\sysguard (Rogue.SysGuard) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Doctor Adware Pro (Rogue.DoctorAdwarePro) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\RealAV (Rogue.RealAV) -> No action taken.
HKEY_CLASSES_ROOT\threatwarning.warningbho (Rogue.AntiSpyCheck) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\antispycheck 2.1 (Rogue.AntiSpyCheck) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\asc 2.1 (Rogue.AntiSpyCheck) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\asc 2.1 (Rogue.AntiSpyCheck) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ASpyC (Rogue.AntiSpyCheck) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ASpyC (Rogue.AntiSpyCheck) -> No action taken.
HKEY_CLASSES_ROOT\spywarning.warningbho (Rogue.AntiSpyCheck) -> No action taken.
HKEY_CLASSES_ROOT\spywarning.warningbho.1 (Rogue.AntiSpyCheck) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASpyC (Rogue.AntiSpyCheck) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\antispycheck 2.1.exe (Rogue.AntiSpyCheck) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\antispycheck (Rogue.AntiSpyCheck) -> No action taken.
HKEY_CLASSES_ROOT\smwin32.mdr (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\VirRL2009 (Rogue.AntiVirusLab) -> No action taken.
HKEY_CLASSES_ROOT\AppID\ad-protect.EXE (Rogue.ContraVirus) -> No action taken.
HKEY_CLASSES_ROOT\AppID\spamdet.DLL (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Solt Lake Software (Rogue.ProAntispyware2009) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SNM.exe (Rogue.SpyNoMore) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Illysoft (Rogue.SpyNoMore) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Illysoft (Rogue.SpyNoMore) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Zango (Adware.180Solutions) -> No action taken.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> No action taken.
c:\program files\Antispyware 2008 (Rogue.Antispyware) -> No action taken.
C:\Program Files\SpyNoMore (Rogue.SpyNoMore) -> No action taken.
c:\program files\spynomore\RollBack (Rogue.SpyNoMore) -> No action taken.
c:\documents and settings\t-money\Start Menu\Programs\SpyNoMore (Rogue.SpyNoMore) -> No action taken.

Files Infected:
c:\documents and settings\t-money\local settings\Temp\pci2C8.tmp (Rogue.PCAntiMalware) -> No action taken.
c:\documents and settings\t-money\my documents\04b7d935c801d3c818c397e9e7e0fa66_pi.exe (Rogue.PCAntiMalware) -> No action taken.
c:\program files\spynomore\DetectionLog.dtl (Rogue.SpyNoMore) -> No action taken.
c:\program files\spynomore\license.txt (Rogue.SpyNoMore) -> No action taken.
c:\program files\spynomore\SNM.chm (Rogue.SpyNoMore) -> No action taken.
c:\program files\spynomore\SNM.exe (Rogue.SpyNoMore) -> No action taken.
c:\program files\spynomore\snm.ico (Rogue.SpyNoMore) -> No action taken.
c:\program files\spynomore\snmIeGuard.dat (Rogue.SpyNoMore) -> No action taken.
c:\program files\spynomore\snmIeGuard.dll (Rogue.SpyNoMore) -> No action taken.
c:\program files\spynomore\SNMMain.da3 (Rogue.SpyNoMore) -> No action taken.
c:\program files\spynomore\SNMMain.da4 (Rogue.SpyNoMore) -> No action taken.
c:\program files\spynomore\snmShield.dat (Rogue.SpyNoMore) -> No action taken.
c:\program files\spynomore\snmVaccinate.dat (Rogue.SpyNoMore) -> No action taken.
c:\program files\spynomore\SpyNoMore.url (Rogue.SpyNoMore) -> No action taken.
c:\program files\spynomore\uninst.exe (Rogue.SpyNoMore) -> No action taken.
c:\documents and settings\t-money\start menu\Programs\spynomore\SpyNoMore.lnk (Rogue.SpyNoMore) -> No action taken.
c:\documents and settings\t-money\start menu\Programs\spynomore\Uninstall.lnk (Rogue.SpyNoMore) -> No action taken.
c:\documents and settings\t-money\start menu\Programs\spynomore\Website.lnk (Rogue.SpyNoMore) -> No action taken.
c:\WINDOWS\9g234sdff3d23dfgjf23 (Worm.KoobFace) -> No action taken.
c:\documents and settings\t-money\Desktop\SpyNoMore.lnk (Rogue.SpyNoMore) -> No action taken.




Hi stang976,

Malwarebytes' Anti-Malware 1.35



You need to update Malwarebytes.




#6 SifuMike


Posted 06 June 2009 - 10:00 AM

Hello stang976,

Memory Processes Infected:
C:\Program Files\SpyNoMore\SNM.exe (Rogue.SpyNoMore) -> No action taken.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{f58ff278-2198-403b-9170-c95022a194c6} (Rogue.AntiSpyCheck) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e1fab6bd-4a34-47ce-82af-50b16a6be77e} (Rogue.AntiSpyCheck) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{5aa883db-7cfd-4737-b3c3-c671595ecce5} (Rogue.AntiSpyCheck) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f58ff278-2198-403b-9170-c95022a194c6} (Rogue.AntiSpyCheck) -> No action taken.



Your MBAM log shows "No action taken". :thumbup2:
This usually occurs if you forget to click "Remove Selected" and instead only clicked "Save Logfile".
Please read this thread and rescan again only using the (Quick Scan) in normal mode and check all items found for removal.
Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
After performing the new scan, click the Logs tab and copy/paste the contents of the new report in your next reply. Please do not put my replies in quote boxes as that makes the post too long.

Edited by SifuMike, 06 June 2009 - 10:04 AM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
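The check described in the post above (a log full of "No action taken" means nothing was removed), written as an added example that is not part of the original thread. The function names and the sample log are constructed for illustration; the line layout follows the MBAM 1.3x logs posted here, and the minimum database version is a value the reviewer supplies.

```python
import re
from collections import Counter

# Constructed sample in the layout of the MBAM logs posted in this thread.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.37
Database version: 2182

Scan type: Quick Scan

Registry Keys Infected: 2
Folders Infected: 1
Files Infected: 0

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\ExampleRogue (Rogue.Example) -> No action taken.
HKEY_CLASSES_ROOT\example.bho (Rogue.Example) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\ExampleAdware (Adware.Example) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

DB_RE = re.compile(r"^Database version:\s*(\d+)\s*$")
# "Registry Keys Infected: 24" is a summary count ...
SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):\s*(?P<count>\d+)\s*$")
# ... while "Registry Keys Infected:" on its own opens the item list.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):\s*$")
# "<path> (<detection name>) -> <action>."
ITEM_RE = re.compile(
    r"^(?P<path>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?\s*$"
)
REMOVED = "Quarantined and deleted successfully"


def parse_mbam_log(text):
    """Return the database version, summary counts and detected items."""
    log = {"db_version": None, "summary": {}, "items": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := DB_RE.match(line):
            log["db_version"] = int(m.group(1))
        elif m := SUMMARY_RE.match(line):
            log["summary"][m.group("section")] = int(m.group("count"))
        elif m := SECTION_RE.match(line):
            section = m.group("section")
        elif section and (m := ITEM_RE.match(line)):
            log["items"].append({"section": section, **m.groupdict()})
    return log


def review_mbam_log(log, min_db_version):
    """List the problems a helper would raise before trusting the log."""
    findings = []
    if log["db_version"] is None:
        findings.append("no database version in log")
    elif log["db_version"] < min_db_version:
        findings.append(
            f"database {log['db_version']} is older than {min_db_version}: "
            "update and rescan"
        )
    # A pasted log that was cut short lists fewer items than its summary.
    listed = Counter(item["section"] for item in log["items"])
    for section, count in log["summary"].items():
        if listed.get(section, 0) != count:
            findings.append(
                f"{section}: summary says {count}, log lists {listed.get(section, 0)}"
            )
    # Anything not quarantined is still on the machine.
    for item in log["items"]:
        if item["action"] != REMOVED:
            findings.append(
                f"not removed ({item['action']}): {item['path']} [{item['detection']}]"
            )
    return findings


if __name__ == "__main__":
    # 2237 is the database version cited later in this thread.
    for finding in review_mbam_log(parse_mbam_log(SAMPLE_LOG), 2237):
        print(finding)
```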

#7 stang976


Posted 06 June 2009 - 12:15 PM

Sorry, I pulled the log before I hit 'remove selected'. Since I updated Malwarebytes yesterday, the fake Windows security pop-up is gone, but my computer is still infected. I've had this Zango thing on my PC for almost a year and nothing worked (spydoctor, AVG, Malwarebytes). I ran another quick scan, removed selected, here is the log:

Malwarebytes' Anti-Malware 1.37
Database version: 2182
Windows 5.1.2600 Service Pack 3

6/6/2009 1:08:32 PM
mbam-log-2009-06-06 (13-08-32).txt

Scan type: Quick Scan
Objects scanned: 103181
Time elapsed: 13 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 24
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{f58ff278-2198-403b-9170-c95022a194c6} (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e1fab6bd-4a34-47ce-82af-50b16a6be77e} (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{5aa883db-7cfd-4737-b3c3-c671595ecce5} (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f58ff278-2198-403b-9170-c95022a194c6} (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AntivirusXP (Rogue.AntivirusXP) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\sysguard (Rogue.SysGuard) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Doctor Adware Pro (Rogue.DoctorAdwarePro) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RealAV (Rogue.RealAV) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\threatwarning.warningbho (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\antispycheck 2.1 (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\asc 2.1 (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\asc 2.1 (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ASpyC (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ASpyC (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\spywarning.warningbho (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\spywarning.warningbho.1 (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASpyC (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\antispycheck 2.1.exe (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\antispycheck (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smwin32.mdr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VirRL2009 (Rogue.AntiVirusLab) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\ad-protect.EXE (Rogue.ContraVirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\spamdet.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Solt Lake Software (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Zango (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\Antispyware 2008 (Rogue.Antispyware) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)


#8 SifuMike


Posted 06 June 2009 - 03:08 PM

Hi stang976

Database version: 2182

You still have not updated the Malwarebytes database, as the latest database version is 2237.

When you have done that, please run it and post a fresh Malwarebytes log.

#9 stang976


Posted 06 June 2009 - 04:13 PM

Trust me, I've tried. When I try to update, an error pops up saying "Update failed. Make sure you are connected to the internet and your firewall is set to allow Malwarebytes to access the internet". I double checked my Windows firewall and Malwarebytes IS on the exceptions list so I have no idea why it won't update! Is this update crucial in diagnosing/repairing these issues? I am going nuts over here with my PC moving so slow. I am about to bash it and buy a Mac.
Thanks again for your help.
Anthony

#10 SifuMike


Posted 06 June 2009 - 04:19 PM

Hi Anthony,

Is this update crucial in diagnosing/repairing these issues?



I would not be asking you to update it if it was not necessary. :thumbup2:

If you can't update MBAM, manually download the database installer from http://malwarebytes.gt500.org/mbam-rules.exe
See also: http://malwarebytes.gt500.org/database.jsp

If you can update it then post a fresh Malwarebytes log. If not, let me know.

Edited by SifuMike, 06 June 2009 - 04:21 PM.


#11 stang976


Posted 07 June 2009 - 10:38 AM

Malwarebytes' Anti-Malware 1.37
Database version: 2202
Windows 5.1.2600 Service Pack 3

6/7/2009 11:38:01 AM
mbam-log-2009-06-07 (11-38-01).txt

Scan type: Quick Scan
Objects scanned: 106063
Time elapsed: 14 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 25
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{f58ff278-2198-403b-9170-c95022a194c6} (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e1fab6bd-4a34-47ce-82af-50b16a6be77e} (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{5aa883db-7cfd-4737-b3c3-c671595ecce5} (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f58ff278-2198-403b-9170-c95022a194c6} (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f58ff278-2198-403b-9170-c95022a194c6} (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AntivirusXP (Rogue.AntivirusXP) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\sysguard (Rogue.SysGuard) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Doctor Adware Pro (Rogue.DoctorAdwarePro) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RealAV (Rogue.RealAV) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\threatwarning.warningbho (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\antispycheck 2.1 (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\asc 2.1 (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\asc 2.1 (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ASpyC (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ASpyC (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\spywarning.warningbho (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\spywarning.warningbho.1 (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASpyC (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\antispycheck 2.1.exe (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\antispycheck (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\smwin32.mdr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VirRL2009 (Rogue.AntiVirusLab) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\ad-protect.EXE (Rogue.ContraVirus) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\spamdet.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Solt Lake Software (Rogue.ProAntispyware2009) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Zango (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\Antispyware 2008 (Rogue.Antispyware) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)

#12 SifuMike


Posted 07 June 2009 - 11:39 AM

Hi stang976,

We will run ComboFix.

You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read Combofix's Disclaimer.
Further, ComboFix logs are not permitted outside the HijackThis forums and then only when requested by a HJT Team member.

You need to disable your AVG Antivirus before running ComboFix, as it will prevent it from running.

To disable AVG antivirus:
Please open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> deselect the "Turn on AVG Resident Shield" checkmark and save the setting.
When you need to enable the AVG Resident Shield, just open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> select the "Turn on AVG Resident Shield" checkmark and save the setting.


Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop.
Post the log from ComboFix in your next reply.

A caution - ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you -- please tell me.
Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.
The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Edited by SifuMike, 07 June 2009 - 11:45 AM.
typo


#13 stang976


Posted 08 June 2009 - 04:00 PM

ComboFix 09-06-07.07 - t-money 06/08/2009 16:24.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.239 [GMT -4:00]
Running from: c:\documents and settings\t-money\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\t-money\Application Data\inst.exe
c:\program files\Antispyware 2008
c:\program files\mediapipe
c:\program files\MyWebSearch
c:\program files\system files
c:\program files\zango
c:\temp\iee
c:\temp\iee\tmpZTF.log
c:\windows\system32\ddeeg.bak2
c:\windows\system32\ddeeg.ini
c:\windows\system32\nfr.assembly
c:\windows\system32\nfr.gpref
c:\windows\system32\o02PrEz
c:\windows\system32\oqstv.bak2
c:\windows\system32\oqstv.ini
c:\windows\system32\oqstv.ini2
c:\windows\system32\oqstv.tmp
c:\windows\system32\qrqss.ini
c:\windows\system32\S0
c:\windows\system32\S1
c:\windows\system32\S4
c:\windows\system32\S6
c:\windows\system32\S7
c:\windows\system32\win
c:\windows\system32\winpfz32.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TNIDRIVER


((((((((((((((((((((((((( Files Created from 2009-05-08 to 2009-06-08 )))))))))))))))))))))))))))))))
.

2009-06-07 15:18 . 2009-06-07 15:20 2532672 ----a-w- c:\program files\mbam-rules.exe
2009-06-06 00:44 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-06 00:43 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-06 00:43 . 2009-06-06 00:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-06 00:43 . 2009-06-06 00:43 3371384 ----a-w- c:\program files\mbam-setup.exe
2009-06-05 17:21 . 2009-06-05 17:20 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-04 23:43 . 2009-06-04 23:43 -------- d-----w- c:\program files\SpywareQuake
2009-06-04 23:43 . 2009-06-04 23:43 -------- d-----w- c:\program files\SPYSPOTTER3
2009-06-04 23:43 . 2009-06-04 23:43 -------- d-----w- c:\program files\SPYSPOTTER
2009-06-04 23:43 . 2009-06-04 23:43 -------- d-----w- c:\program files\SpyFalcon
2009-06-04 19:31 . 2009-06-04 19:31 1152 ----a-w- c:\windows\system32\windrv.sys
2009-06-04 19:25 . 2009-06-04 19:30 -------- d-----w- c:\documents and settings\t-money\Application Data\GetRightToGo
2009-05-30 17:45 . 2009-06-04 20:57 -------- d--h--w- C:\$AVG8.VAULT$
2009-05-30 17:34 . 2009-05-30 17:34 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-30 17:34 . 2009-05-30 17:34 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-30 17:34 . 2009-05-30 17:34 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-30 17:34 . 2009-05-30 17:34 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-30 17:33 . 2009-06-08 12:42 -------- d-----w- c:\windows\system32\drivers\Avg
2009-05-30 17:33 . 2009-05-30 17:33 -------- d-----w- c:\documents and settings\t-money\Application Data\AVGTOOLBAR
2009-05-30 17:32 . 2009-06-01 02:34 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-05-30 17:32 . 2009-05-30 17:32 -------- d-----w- c:\program files\AVG
2009-05-30 17:27 . 2009-05-30 17:27 65103168 ----a-w- c:\program files\avg_free_stf_en_85_339a1525.exe
2009-05-30 13:35 . 2009-05-30 13:35 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-05-29 18:38 . 2009-05-29 18:38 -------- d-----w- c:\program files\MeridianLink
2009-05-29 01:04 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-05-29 01:04 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-05-28 19:13 . 2009-05-28 19:13 -------- d-----w- c:\windows\system32\scripting
2009-05-28 19:12 . 2009-05-28 19:12 -------- d-----w- c:\windows\l2schemas
2009-05-28 19:12 . 2009-05-28 19:12 -------- d-----w- c:\windows\system32\en
2009-05-28 19:12 . 2009-05-28 19:12 -------- d-----w- c:\windows\system32\bits
2009-05-28 19:09 . 2009-05-28 19:13 -------- d-----w- c:\windows\ServicePackFiles
2009-05-28 19:01 . 2009-05-28 19:01 -------- d-----w- c:\windows\EHome
2009-05-28 18:55 . 2009-05-28 18:55 -------- d-sh--w- c:\documents and settings\t-money\IECompatCache
2009-05-28 18:54 . 2009-05-28 18:54 -------- d-sh--w- c:\documents and settings\t-money\PrivacIE
2009-05-28 18:52 . 2009-05-28 18:52 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-05-28 18:52 . 2009-05-28 18:52 -------- d-sh--w- c:\documents and settings\t-money\IETldCache
2009-05-28 18:31 . 2009-05-28 18:32 -------- dc-h--w- c:\windows\ie8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-08 20:41 . 2009-06-08 20:41 -------- d-----w- c:\program files\Zango
2009-06-08 20:40 . 2009-06-08 20:40 -------- d-----w- c:\program files\System Files
2009-06-08 20:40 . 2009-06-08 20:40 -------- d-----w- c:\program files\MyWebSearch
2009-06-08 20:40 . 2009-06-08 20:40 -------- d-----w- c:\program files\MediaPipe
2009-06-08 20:40 . 2009-06-08 20:40 -------- d-----w- c:\program files\Antispyware 2008
2009-06-08 20:38 . 2008-12-13 00:34 -------- d-----w- c:\program files\DNA
2009-06-08 20:38 . 2008-12-13 00:34 -------- d-----w- c:\documents and settings\t-money\Application Data\DNA
2009-06-05 17:20 . 2005-11-14 21:53 -------- d-----w- c:\program files\Java
2009-06-05 17:20 . 2005-12-17 01:15 48968 -c--a-w- c:\documents and settings\t-money\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-05 17:06 . 2008-03-06 06:16 -------- d-----w- c:\program files\PeerGuardian2
2009-06-05 17:04 . 2005-11-14 22:05 -------- d-----w- c:\program files\Common Files\Intuit
2009-06-05 16:58 . 2005-11-14 21:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-29 22:23 . 2007-12-31 21:11 -------- d-----w- c:\documents and settings\t-money\Application Data\MegauploadToolbar
2009-05-28 19:17 . 2004-08-10 19:03 78295 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-27 15:31 . 2005-12-17 01:15 4704 -csha-w- c:\windows\system32\KGyGaAvL.sys
2009-05-27 15:31 . 2005-12-17 01:15 104 -csh--r- c:\windows\system32\BBBCAAD02B.sys
2009-05-19 17:14 . 2005-12-30 00:20 -------- d-----w- c:\documents and settings\t-money\Application Data\BitTorrent
2009-04-18 18:33 . 2009-04-18 18:33 1878888 ----a-w- c:\program files\install_flash_player.exe
2009-03-22 19:31 . 2009-03-22 19:31 54800 ----a-w- c:\documents and settings\Christina\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-17 23:19 . 2008-11-10 23:42 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-03-10 23:15 . 2009-03-10 23:15 43088 ---ha-w- c:\windows\system32\mlfcache.dat
2008-07-09 20:28 . 2008-07-09 20:24 48367896 ----a-w- c:\program files\avg_free_stf_en_8_138a1332.exe
2008-03-25 16:45 . 2008-03-25 16:41 1206048 ----a-w- c:\program files\paintnt.exe
2008-03-06 06:16 . 2008-03-06 06:15 882489 ----a-w- c:\program files\pg2-050918-nt.exe
2007-10-15 22:44 . 2007-10-15 22:44 6074888 ----a-w- c:\program files\Doc Converter.exe
2007-10-02 15:34 . 2007-10-02 15:31 15505200 -c--a-w- c:\program files\IE7-WindowsXP-x86-enu.exe
2006-06-16 21:57 . 2006-06-16 21:57 3510 -c--a-w- c:\program files\[isoHunt] LimeWire 4[1].10.9 Pro.zip.torrent
2006-06-16 21:55 . 2006-06-16 21:55 2840440 -c--a-w- c:\program files\LimeWireWin-full.exe
2006-01-17 18:16 . 2006-01-06 01:35 630 ----a-w- c:\program files\MagicISO.lnk
2005-12-30 00:19 . 2005-12-30 00:18 5027808 -c--a-w- c:\program files\BitTorrent-4.2.2.exe
1997-05-16 13:18 . 2008-05-06 15:14 3243 ----a-w- c:\program files\README.TXT
1997-05-16 12:52 . 2008-05-06 15:14 32528 ----a-w- c:\program files\OLEPRO32.DLL
1997-05-16 12:52 . 2008-05-06 15:14 271632 ----a-w- c:\program files\MSVCRT.DLL
1997-05-16 12:52 . 2008-05-06 15:14 939792 ----a-w- c:\program files\MFC42U.DLL
1997-05-16 12:52 . 2008-05-06 15:14 941840 ----a-w- c:\program files\MFC42.DLL
1997-05-16 12:52 . 2008-05-06 15:14 330512 ----a-w- c:\program files\MSPAINT.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-13 342848]
"04b7d935c801d3c818c397e9e7e0fa66.30"="c:\windows\system32\04b7d935c801d3c818c397e9e7e0fa66.30.dll" [2009-05-29 18:43 67584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-13 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-14 536576]
"PRONoMgrWired"="c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2004-12-09 86016]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-11-14 26112]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"04b7d935c801d3c818c397e9e7e0fa66.30"="c:\windows\system32\04b7d935c801d3c818c397e9e7e0fa66.30.dll" [2009-05-29 18:43 67584]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-30 1947928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-05 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

c:\documents and settings\t-money\Start Menu\Programs\Startup\
04b7d935c801d3c818c397e9e7e0fa66.30.dll.lnk - c:\windows\system32\rundll32.exe [2004-8-10 33280]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
04b7d935c801d3c818c397e9e7e0fa66.30.dll.lnk - c:\windows\system32\rundll32.exe [2004-8-10 33280]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-11-14 24576]
RealEstateToolBelt - Mortgage Calculator.lnk - c:\windows\Installer\{B92CD5CD-42DB-4F01-9AF8-480FD86AA1AE}\_4d064db7.exe [2007-9-10 7358]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= c:\program files\MSN Gaming Zone\rteqepr.html
FriendlyName=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-30 17:34 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2905:UDP"= 2905:UDP:Windows Media Format SDK (firefox.exe)
"2904:UDP"= 2904:UDP:Windows Media Format SDK (firefox.exe)
"2914:UDP"= 2914:UDP:Windows Media Format SDK (firefox.exe)
"2915:UDP"= 2915:UDP:Windows Media Format SDK (firefox.exe)
"2921:UDP"= 2921:UDP:Windows Media Format SDK (firefox.exe)
"2920:UDP"= 2920:UDP:Windows Media Format SDK (firefox.exe)
"37118:TCP"= 37118:TCP:PORT_37118
"39601:TCP"= 39601:TCP:PORT_39601
"40316:TCP"= 40316:TCP:PORT_40316
"57715:TCP"= 57715:TCP:PORT_57715
"8489:TCP"= 8489:TCP:PORT_8489
"44758:TCP"= 44758:TCP:PORT_44758
"18363:TCP"= 18363:TCP:PORT_18363
"18201:TCP"= 18201:TCP:PORT_18201
"31962:TCP"= 31962:TCP:PORT_31962
"59863:TCP"= 59863:TCP:PORT_59863
"40660:TCP"= 40660:TCP:PORT_40660
"49678:TCP"= 49678:TCP:PORT_49678
"16235:TCP"= 16235:TCP:PORT_16235
"35193:TCP"= 35193:TCP:PORT_35193
"28224:TCP"= 28224:TCP:PORT_28224
"64938:TCP"= 64938:TCP:PORT_64938
"6344:TCP"= 6344:TCP:PORT_6344
"10156:TCP"= 10156:TCP:PORT_10156
"24524:TCP"= 24524:TCP:PORT_24524
"19942:TCP"= 19942:TCP:PORT_19942
"55379:TCP"= 55379:TCP:PORT_55379
"12091:TCP"= 12091:TCP:PORT_12091
"14885:TCP"= 14885:TCP:PORT_14885
"24199:TCP"= 24199:TCP:PORT_24199
"65340:TCP"= 65340:TCP:PORT_65340
"37088:TCP"= 37088:TCP:PORT_37088
"58808:TCP"= 58808:TCP:PORT_58808
"25664:TCP"= 25664:TCP:PORT_25664
"25004:TCP"= 25004:TCP:PORT_25004
"21641:TCP"= 21641:TCP:PORT_21641
"43025:TCP"= 43025:TCP:PORT_43025
"19943:TCP"= 19943:TCP:PORT_19943
"23321:TCP"= 23321:TCP:PORT_23321
"42547:TCP"= 42547:TCP:PORT_42547
"39963:TCP"= 39963:TCP:PORT_39963
"24391:TCP"= 24391:TCP:PORT_24391
"43938:TCP"= 43938:TCP:PORT_43938
"38806:TCP"= 38806:TCP:PORT_38806
"67:UDP"= 67:UDP:DHCP Discovery Service
"24108:TCP"= 24108:TCP:PORT_24108
"18953:TCP"= 18953:TCP:PORT_18953
"33381:TCP"= 33381:TCP:PORT_33381
"28365:TCP"= 28365:TCP:PORT_28365
"42871:TCP"= 42871:TCP:PORT_42871
"13126:TCP"= 13126:TCP:PORT_13126
"57141:TCP"= 57141:TCP:PORT_57141
"11488:TCP"= 11488:TCP:PORT_11488
"25586:TCP"= 25586:TCP:PORT_25586
"25396:TCP"= 25396:TCP:PORT_25396
"8953:TCP"= 8953:TCP:PORT_8953
"36113:TCP"= 36113:TCP:PORT_36113
"32857:TCP"= 32857:TCP:PORT_32857
"23037:TCP"= 23037:TCP:PORT_23037
"15172:TCP"= 15172:TCP:PORT_15172

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/30/2009 1:34 PM 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/30/2009 1:34 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/30/2009 1:32 PM 298776]
S2 DP1112;DP1112;\??\c:\windows\system32\Drivers\DP.sys --> c:\windows\system32\Drivers\DP.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-05-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{1A7F9B45-4A7E-46DC-A73E-B41828987A98} - c:\program files\Windows Media Player\mevohusec58441.dll
BHO-{58472bc6-bea3-42d4-8917-7a8bcb0711b5} - (no file)
BHO-{C12C431D-A0F8-897C-DD7C-FDADAEE47492} - c:\windows\system32\fzy.dll
BHO-{C37D4912-F5F8-DA26-D97C-FDADAEE470C7} - c:\windows\system32\omgd.dll
BHO-{C9781E18-A1AB-DB28-8C7C-FDADAEE473C2} - c:\windows\system32\bduqz.dll
BHO-{DEAE5349-ABD5-4551-8911-0C86D3E6B7CD} - c:\program files\Windows Media Player\mevohusec.dll
BHO-{F58FF278-2198-403b-9170-C95022A194C6} - (no file)
HKLM-Run-SNM - c:\program files\SpyNoMore\SNM.exe
HKLM-Run-UDC Integration - (no file)
Notify-byxwtqq - byxwtqq.dll
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-procexp90.Sys
SafeBoot-AVG Anti-Spyware Guard


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=localhost:7171
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: amaena.com
Trusted Zone: imageservr.com
Trusted Zone: imageservr.com\locator.cdn
Trusted Zone: winfixer.com
FF - ProfilePath - c:\documents and settings\t-money\Application Data\Mozilla\Firefox\Profiles\e2tbdrk1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\t-money\Application Data\Mozilla\Firefox\Profiles\e2tbdrk1.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-08 16:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
@DACL=(02 0000)
@="bootstrap.application.1"

[HKEY_LOCAL_MACHINE\software\Classes\cfexefile\DefaultIcon]
@DACL=(02 0000)
@SACL=
@="%1"

[HKEY_LOCAL_MACHINE\software\Classes\cfexefile\shell]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\software\Classes\cfexefile\shellex]
@DACL=(02 0000)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1780)
c:\windows\system32\SynTPFcs.dll
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msls31.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dlbtcoms.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\program files\Pure Networks\Network Magic\nmsrvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
c:\program files\Real Estate Tool Belt\RealEstateToolBelt - Mortgage Calculator\MortgageCalculator.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2009-06-08 16:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-08 20:51

Pre-Run: 1,087,492,096 bytes free
Post-Run: 1,254,989,824 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

363 --- E O F --- 2009-05-29 07:00

#14 SifuMike

Posted 08 June 2009 - 07:34 PM

Hi stang976,

Please show hidden files and folders
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste each of the following file paths into the "Suspicious files to scan" box on the top of the page:
    • c:\windows\system32\04b7d935c801d3c818c397e9e7e0fa66.30.dll
    • c:\windows\system32\BBBCAAD02B.sys
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
  • If Copy to Clipboard does not work, then just copy and paste the output in your next reply.
If VirScan.org server is too busy, please submit the file to VirusTotal instead.

#15 stang976

Posted 08 June 2009 - 09:01 PM

FIRST FILE

File Name : 04b7d935c801d3c818c397e9e7e0fa66.30.dll
File Size : 67584 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 5c43c32d0b0d10b1b01bd3d435d58e6a
SHA1 : 5a9485933f325349408d4abd215825f610cc091a

Scanner results : 29% Scanner(11/38) found malware!
Time : 2009/06/08 21:41:02 (EDT)
Scanner | Engine Ver | Sig Ver | Sig Date | Scan result | Time
a-squared | 4.5.0.1 | 20090607195527 | 2009-06-07 | - | 1.975
AhnLab V3 | 2009.06.09.00 | 2009.06.09 | 2009-06-09 | - | 0.739
AntiVir | 8.2.0.180 | 7.1.4.71 | 2009-06-08 | TR/Angelui.JI | 0.108
Antiy | 2.0.18 | 20090608.2506223 | 2009-06-08 | | 0.122
Arcavir | 2009 | 200906082044 | 2009-06-08 | | 0.078
Authentium | 5.1.1 | 200906081740 | 2009-06-08 | W32/OnlineGames.A.gen!Eldorado (Possible) | 1.150
AVAST! | 4.7.4 | 090608-0 | 2009-06-08 | Win32:Trojan-gen {Other} | 0.007
AVG | 8.5.286 | 270.12.58/2164 | 2009-06-09 | | 3.739
BitDefender | 7.81008.3346992 | 7.25879 | 2009-06-09 | Trojan.Generic.1920830 | 3.106
CA (VET) | 9.0.0.143 | 31.6.6547 | 2009-06-09 | | 5.641
ClamAV | 0.95.1 | 9439 | 2009-06-09 | | 0.056
Comodo | 3.9 | 1288 | 2009-06-08 | | 0.717
CP Secure | 1.1.0.715 | 2009.06.03 | 2009-06-03 | | 10.337
Dr.Web | 4.44.0.9170 | 2009.06.09 | 2009-06-09 | | 4.864
F-Prot | 4.4.4.56 | 20090608 | 2009-06-08 | W32/OnlineGames.A.gen!Eldorado (generic, not disinfectable) | 1.150
F-Secure | 5.51.6100 | 2009.06.08.11 | 2009-06-08 | | 4.031
Fortinet | 2.81-3.117 | 10.480 | 2009-06-08 | | 0.269
GData | 19.5712/19.358 | 20090609 | 2009-06-09 | Win32:Trojan-gen {Other} [Engine:B] | 4.299
Ikarus | T3.1.01.57 | 2009.06.03.72814 | 2009-06-03 | Trojan-Downloader | 3.082
JiangMin | 11.0.706 | 2009.06.08 | 2009-06-08 | | 2.400
Kaspersky | 5.5.10 | 2009.06.09 | 2009-06-09 | | 0.123
KingSoft | 2009.2.5.15 | 2009.6.8.21 | 2009-06-08 | | 0.629
McAfee | 5.3.00 | 5640 | 2009-06-08 | | 3.226
Microsoft | 1.4701 | 2009.06.08 | 2009-06-08 | | 5.739
mks_vir | 2.01 | 2009.06.07 | 2009-06-07 | | 3.225
Norman | 6.01.05 | 6.01.00 | 2009-06-02 | | 4.009
nProtect | 20090608.02 | 4212508 | 2009-06-08 | Trojan/W32.Agent.67584.BN | 5.685
Panda | 9.05.01 | 2009.06.08 | 2009-06-08 | | 1.395
Quick Heal | 10.00 | 2009.06.08 | 2009-06-08 | | 1.204
Rising | 20.0 | 21.33.03.00 | 2009-06-08 | | 0.924
Sophos | 2.87.1 | 4.42 | 2009-06-09 | Mal/Generic-A | 2.429
Sunbelt | 5176 | 5176 | 2009-06-08 | Trojan-Downloader.Zlob.Media-Codec | 1.179
Symantec | 1.3.0.24 | 20090608.007 | 2009-06-08 | Trojan.Fakeavalert | 0.076
The Hacker | 6.3.4.3 | v00342 | 2009-06-08 | | 0.805
Trend Micro | 8.700-1004 | 6.180.08 | 2009-06-08 | | 0.059
VBA32 | 3.12.10.6 | 20090608.1238 | 2009-06-08 | | 1.976
ViRobot | 20090605 | 2009.06.05 | 2009-06-05 | | 0.430
VirusBuster | 4.5.11.10 | 10.107.6/1591776 | 2009-06-08 | | 1.978


SECOND FILE

File Name : BBBCAAD02B.sys
File Size : 104 byte
File Type : data
MD5 : c3408273b7bf20047aa58cb62a32533b
SHA1 : 24a359c7b83a7e8c9eeb31438d2247a15229f31a

Scanner results : All Scanners reported not find malware!
Time : 2009/06/08 21:54:55 (EDT)



