Jump to content

cannot run malwarebyte


aceng
 Share

Recommended Posts

Please help got infected w/ personal antivirus. Already scan w/ avira antivirus and try to finish it w/ malwarebytes but cannot running. Here the logfiles:

Malwarebytes' Anti-Malware 1.34

Database version: 1766

Windows 5.1.2600 Service Pack 2

2/16/2009 8:55:14 PM

mbam-log-2009-02-16 (20-55-14).txt

Scan type: Full Scan (C:\|)

Objects scanned: 145260

Time elapsed: 1 hour(s), 12 minute(s), 14 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 56

Registry Values Infected: 1

Registry Data Items Infected: 2

Folders Infected: 19

Files Infected: 119

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3263c594-5e07-2dda-0a14-5800bdc4dfcd} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{3263c594-5e07-2dda-0a14-5800bdc4dfcd} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\bat.batbho (Adware.Batco) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\bat.batbho.1 (Adware.Batco) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\testcpv6.bho (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\testcpv6.bho.1 (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{d279bc2b-a85b-4559-8fd9-ddc55f5d402d} (Adware.Batco) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{63f7460b-c831-4142-a4aa-5ec303ec4343} (Adware.Batco) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{b80a3586-caa5-41c8-89bf-e617f0b6cfbf} (Adware.Batco) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{ff46f4ab-a85f-487e-b399-3f191ac0fe23} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\{f663b917-591f-4172-8d87-3d7d729007ca} (Adware.Batco) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15651c7c-e812-44a2-a9ac-b467a2233e7d} (Adware.123Mania) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{622cc208-b014-4fe0-801b-874a5e5e403a} (Adware.123Mania) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63f7460b-c831-4142-a4aa-5ec303ec4343} (Adware.Batco) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9c5b2f29-1f46-4639-a6b4-828942301d3e} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ffff0001-0002-101a-a3c9-08002b2f49fb} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000250-0320-4dd4-be4f-7566d2314352} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{13197ace-6851-45c3-a7ff-c281324d5489} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4e1075f4-eec4-4a86-add7-cd5f52858c31} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5dafd089-24b1-4c5e-bd42-8ca72550717b} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5fa6752a-c4a0-4222-88c2-928ae5ab4966} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8674aea0-9d3d-11d9-99dc-00600f9a01f1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{965a592f-8efa-4250-8630-7960230792f1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cf021f40-3e14-23a5-cba2-717765728274} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fc3a74e5-f281-4f10-ae1e-733078684f3c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{63f7460b-c831-4142-a4aa-5ec303ec4343} (Adware.Batco) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3263c594-5e07-2dda-0a14-5800bdc4dfcd} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\testCPV6.DLL (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\BO1jiZmwnF2zhi (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\BATCO (Adware.Batco) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Batco (Adware.Batco) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AppID\bat.DLL (Adware.Batco) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bat (Adware.Batco) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bat (Adware.Batco) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

C:\Program Files\180searchassistant (Adware.180Solutions) -> Quarantined and deleted successfully.

C:\Program Files\180solutions (Adware.180Solutions) -> Quarantined and deleted successfully.

C:\Program Files\zango (Adware.180Solutions) -> Quarantined and deleted successfully.

C:\Program Files\seekmo (Adware.180Solutions) -> Quarantined and deleted successfully.

C:\Program Files\180search assistant (Adware.180Solutions) -> Quarantined and deleted successfully.

C:\Documents and Settings\anto\Start Menu\Programs\Outerinfo (Malware.Trace) -> Quarantined and deleted successfully.

C:\Program Files\Outerinfo (Adware.Outerinfo) -> Quarantined and deleted successfully.

C:\Program Files\Outerinfo\FF (Adware.Outerinfo) -> Quarantined and deleted successfully.

C:\Program Files\Outerinfo\FF\components (Adware.Outerinfo) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Rabio\Search Enhancer (Adware.SearchEnhancer) -> Quarantined and deleted successfully.

C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Bat (Adware.Batco) -> Quarantined and deleted successfully.

C:\Program Files\JavaCore (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Program Files\nvcoi (Trojan.Stars) -> Quarantined and deleted successfully.

C:\Program Files\stc (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\Program Files\Sysmnt (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Application Data\Rabio (Adware.Rabio) -> Quarantined and deleted successfully.

C:\WINDOWS\FLEOK (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\Program Files\CPV (Trojan.Downloader) -> Quarantined and deleted successfully.

Files Infected:

C:\WINDOWS\system32\gazokfcs.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

C:\Program Files\CPV\CPV7.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Bat\Bat.exe (Adware.Batco) -> Quarantined and deleted successfully.

C:\Program Files\Bat\X_Bat.exe (Adware.Batco) -> Quarantined and deleted successfully.

C:\Program Files\Outerinfo\FF\components\FF.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.

C:\Program Files\JavaCore\JavaCore.exe (Trojan.Insider) -> Quarantined and deleted successfully.

C:\Program Files\JavaCore\UnInstall.exe (Adware.Insider) -> Quarantined and deleted successfully.

C:\Documents and Settings\anto\Local Settings\Temp\!update.exe (Adware.PurityScan) -> Quarantined and deleted successfully.

C:\Documents and Settings\anto\Local Settings\Temp\BatSetup.exe (Adware.Batco) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3D71B957-23D7-44AE-AF38-6D067D914D9A}\RP949\A0039110.exe (Adware.Batco) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3D71B957-23D7-44AE-AF38-6D067D914D9A}\RP949\A0039112.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3D71B957-23D7-44AE-AF38-6D067D914D9A}\RP949\A0039119.exe (Adware.Batco) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3D71B957-23D7-44AE-AF38-6D067D914D9A}\RP949\A0039128.exe (Adware.Batco) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3D71B957-23D7-44AE-AF38-6D067D914D9A}\RP950\A0039151.dll (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3D71B957-23D7-44AE-AF38-6D067D914D9A}\RP950\A0040158.exe (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3D71B957-23D7-44AE-AF38-6D067D914D9A}\RP950\A0040160.exe (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3D71B957-23D7-44AE-AF38-6D067D914D9A}\RP950\A0040161.dll (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3D71B957-23D7-44AE-AF38-6D067D914D9A}\RP950\A0040163.exe (Adware.Batco) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3D71B957-23D7-44AE-AF38-6D067D914D9A}\RP950\A0040164.dll (Adware.Batco) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3D71B957-23D7-44AE-AF38-6D067D914D9A}\RP950\A0040162.exe (Adware.Batco) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3D71B957-23D7-44AE-AF38-6D067D914D9A}\RP953\A0043648.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3D71B957-23D7-44AE-AF38-6D067D914D9A}\RP954\A0044171.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3D71B957-23D7-44AE-AF38-6D067D914D9A}\RP955\A0045185.exe (Adware.Batco) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3D71B957-23D7-44AE-AF38-6D067D914D9A}\RP955\A0045186.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3D71B957-23D7-44AE-AF38-6D067D914D9A}\RP955\A0045195.exe (Adware.Batco) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3D71B957-23D7-44AE-AF38-6D067D914D9A}\RP955\A0045205.exe (Adware.Batco) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3D71B957-23D7-44AE-AF38-6D067D914D9A}\RP955\A0045216.exe (Adware.Batco) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3D71B957-23D7-44AE-AF38-6D067D914D9A}\RP955\A0045223.exe (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3D71B957-23D7-44AE-AF38-6D067D914D9A}\RP955\A0045224.dll (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3D71B957-23D7-44AE-AF38-6D067D914D9A}\RP955\A0045225.exe (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3D71B957-23D7-44AE-AF38-6D067D914D9A}\RP955\A0045253.dll (Adware.WebHancer) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3D71B957-23D7-44AE-AF38-6D067D914D9A}\RP955\A0045254.exe (Adware.Batco) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3D71B957-23D7-44AE-AF38-6D067D914D9A}\RP955\A0045414.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3D71B957-23D7-44AE-AF38-6D067D914D9A}\RP955\A0045415.dll (Adware.TTC) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3D71B957-23D7-44AE-AF38-6D067D914D9A}\RP955\A0045416.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3D71B957-23D7-44AE-AF38-6D067D914D9A}\RP955\A0045417.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3D71B957-23D7-44AE-AF38-6D067D914D9A}\RP955\A0045418.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3D71B957-23D7-44AE-AF38-6D067D914D9A}\RP955\A0045419.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3D71B957-23D7-44AE-AF38-6D067D914D9A}\RP955\A0045420.dll (Trojan.BHO) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3D71B957-23D7-44AE-AF38-6D067D914D9A}\RP955\A0045403.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3D71B957-23D7-44AE-AF38-6D067D914D9A}\RP956\A0050457.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3D71B957-23D7-44AE-AF38-6D067D914D9A}\RP957\A0051535.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{3D71B957-23D7-44AE-AF38-6D067D914D9A}\RP959\A0052054.dll (Adware.Batco) -> Quarantined and deleted successfully.

C:\WINDOWS\b152.exe (Trojan.Insider) -> Quarantined and deleted successfully.

C:\WINDOWS\b155.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\mrofinu1645.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\WINDOWS\mrofinu1645.exe.ren (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\Program Files\180searchassistant\saap.exe (Adware.180Solutions) -> Quarantined and deleted successfully.

C:\Program Files\180searchassistant\sac.exe (Adware.180Solutions) -> Quarantined and deleted successfully.

C:\Program Files\180solutions\sais.exe (Adware.180Solutions) -> Quarantined and deleted successfully.

C:\Program Files\zango\zango.exe (Adware.180Solutions) -> Quarantined and deleted successfully.

C:\Program Files\seekmo\seekmohook.dll (Adware.180Solutions) -> Quarantined and deleted successfully.

C:\Program Files\180search assistant\180sa.exe (Adware.180Solutions) -> Quarantined and deleted successfully.

C:\Program Files\180search assistant\sau.exe (Adware.180Solutions) -> Quarantined and deleted successfully.

C:\Documents and Settings\anto\Start Menu\Programs\Outerinfo\Terms.lnk (Malware.Trace) -> Quarantined and deleted successfully.

C:\Program Files\Outerinfo\Terms.rtf (Adware.Outerinfo) -> Quarantined and deleted successfully.

C:\Program Files\Outerinfo\FF\chrome.manifest (Adware.Outerinfo) -> Quarantined and deleted successfully.

C:\Program Files\Outerinfo\FF\install.rdf (Adware.Outerinfo) -> Quarantined and deleted successfully.

C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt (Adware.Outerinfo) -> Quarantined and deleted successfully.

C:\Program Files\Bat\Bat.dll.intermediate.manifest (Adware.Batco) -> Quarantined and deleted successfully.

C:\Program Files\Bat\Bat.info (Adware.Batco) -> Quarantined and deleted successfully.

C:\Program Files\Bat\Bat.original (Adware.Batco) -> Quarantined and deleted successfully.

C:\Program Files\Bat\Info.dll (Adware.Batco) -> Quarantined and deleted successfully.

C:\Program Files\Bat\un_BatSetup_15041.exe (Adware.Batco) -> Quarantined and deleted successfully.

C:\Program Files\Bat\un_BatSetup_15041.txt (Adware.Batco) -> Quarantined and deleted successfully.

C:\Program Files\Bat\X_Bat.log (Adware.Batco) -> Quarantined and deleted successfully.

C:\Program Files\nvcoi\mst.stt (Trojan.Stars) -> Quarantined and deleted successfully.

C:\Program Files\stc\csv5p070.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\Program Files\Sysmnt\Ssmgr.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\FLEOK\180ax.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\default.htm (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\avifile32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\avisynthex32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\aviwrap32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\bjam.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\bokja.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\browserad.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\cdsm32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\changeurl_30.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\didduid.ini (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\msa64chk.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\msapasrc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\mspphe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\123messenger.per (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\mssvr.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\ntnut.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\saiemod.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\salm.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\shdocpe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\shdocpl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\stcloader.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\swin32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\updatetc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\voiceip.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\winsb.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MSIXU.DLL (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\MSNSA32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ntnut32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\shdocpe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\SIPSPI32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\WER8274.DLL (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\Installer\id53.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\180ax.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\2020search.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\2020search2.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\apphelp32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\asferror32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\asycfilt32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\athprxy32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\ati2dvaa32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\ati2dvag32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\audiosrv32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\autodisc32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

C:\WINDOWS\licencia.txt (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\telefonos.txt (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\textos.txt (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\winfrun32.bin (Malware.Trace) -> Quarantined and deleted successfully.

C:\Documents and Settings\anto\Favorites\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:42:34 PM, on 8/19/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Safari\Safari.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll

R3 - URLSearchHook: TVonPC8000 Toolbar - {5f21d046-d2cf-4c8d-a0f1-87adb115c336} - C:\Program Files\TVonPC8000\tbTVo1.dll

R3 - URLSearchHook: TVonPC8000 kid Toolbar - {7f96b6db-e790-4cbe-a84e-a6de29051bed} - C:\Program Files\TVonPC8000_kid\tbTVo1.dll

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: TVonPC8000 Toolbar - {5f21d046-d2cf-4c8d-a0f1-87adb115c336} - C:\Program Files\TVonPC8000\tbTVo1.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: TVonPC8000 kid Toolbar - {7f96b6db-e790-4cbe-a84e-a6de29051bed} - C:\Program Files\TVonPC8000_kid\tbTVo1.dll

O2 - BHO: &Helper - {A77D3539-581D-450C-9E44-A84C415A6172} - C:\WINDOWS\system32\msxmlm.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: TVonPC8000 Toolbar - {5f21d046-d2cf-4c8d-a0f1-87adb115c336} - C:\Program Files\TVonPC8000\tbTVo1.dll

O3 - Toolbar: TVonPC8000 kid Toolbar - {7f96b6db-e790-4cbe-a84e-a6de29051bed} - C:\Program Files\TVonPC8000_kid\tbTVo1.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1130711796204

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O20 - AppInit_DLLs:

O20 - Winlogon Notify: pmnlkkl - pmnlkkl.dll (file missing)

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

--

End of file - 7475 bytes

Link to post
Share on other sites

  • Staff

Welcome to the forums.

Your system is badly infected. Worse still, your version of Malwarebytes is ages old.

Please use the internal updater or the link download link below and get the latest version, 1.40

Download link:(downloads do not differ, registration with your ID & key activate the PRO features - this link generates any number of our 'official' download sites, not just malwarebytes.org):

http://www.malwarebytes.org/mbam-download.php

Pay close attention to the actual download link. Many download sites have big giant sponsored ads from other vendors of other types of software which may confuse you. That's how they make money, by placing these ads prominently so you see them first

Ignore all 'Recommended downloads', these will be the ads.

Follow the prompts to install, update then select 'quick scan' option and send us the log which is located in the 'logs' tab of the Malwarebytes' Anti-Malware interface or the default saved location of- C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt

then add the scan log to your next post, which needs to be into the Hijackthis forum.

  • Scan and Log Procedures
  • Please download this program Trend Micro HijackThis to your desktop.
  • Double-click on it to run and install it.
  • Then launch the program and click on Do a system scan and save a logfile. This log file will open in Notepad.
  • Please start a Newtopic here and post the most recent Malwarebytes' Anti-Malware log file and HijackThis log file using Copy/Paste.
  • The Malwarebytes' Anti-Malware log file is located in the Logs tab of the program.

Someone will analyze the logs and give you further instructions.

Prompt responses to instructions and performing the required fixes as soon as possible is always best.

During this scan and cleanup process you should not install any other software unless requested to do so.

Logs to reply with: MBAM and HijackThis

NOTE: If Malwarebytes won't run or HijackThis won't run please still create a new post in the Malware Removal - HijackThis Logs forum and explain what happens.

NOTE: Please DO NOT post back to your post within the first 48 hours. Replying to your own posts changes the post count and will often cause helpers to think that you're already being helped and thus they won't open and look at your post. If no one has replied within 48 hours then please go ahead and either reply to your post or send a private message to a Moderator and let them know that you're still needing assistance.

As soon as someone is available they will assist you.

Link to post
Share on other sites

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.