
hjt mbam won't run


burnlast


I did a quick scan with mbam. Here is the log:

Malwarebytes' Anti-Malware 1.41

Database version: 2819

Windows 6.0.6001 Service Pack 1

9/18/2009 6:04:33 AM

mbam-log-2009-09-18 (06-04-33).txt

Scan type: Quick Scan

Objects scanned: 109665

Time elapsed: 4 minute(s), 3 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ddnsfilter (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Windows\0535251103110107106.yux (KoobFace.Trace) -> Quarantined and deleted successfully.

C:\Windows\mmsmark2.dat (KoobFace.Trace) -> Quarantined and deleted successfully.


I quarantined the file TR/Dldr.IFrame.asu. Avira log:

Avira AntiVir Personal

Report file date: Friday, September 18, 2009 03:45

Scanning for 1725976 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows Vista

Windows version : (Service Pack 1) [6.0.6001]

Boot mode : Normally booted

Username : SYSTEM

Computer name : STRESSINDUCER

Version information:

BUILD.DAT : 9.0.0.407 17961 Bytes 7/29/2009 10:34:00

AVSCAN.EXE : 9.0.3.7 466689 Bytes 7/21/2009 18:36:14

AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 15:58:24

LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 16:35:49

LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 15:58:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 17:30:36

ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 6/24/2009 14:21:42

ANTIVIR2.VDF : 7.1.6.1 3857920 Bytes 9/16/2009 07:44:35

ANTIVIR3.VDF : 7.1.6.7 120832 Bytes 9/17/2009 07:44:36

Engineversion : 8.2.1.19

AEVDF.DLL : 8.1.1.2 106867 Bytes 9/18/2009 07:44:56

AESCRIPT.DLL : 8.1.2.31 475513 Bytes 9/18/2009 07:44:55

AESCN.DLL : 8.1.2.5 127346 Bytes 9/18/2009 07:44:53

AERDL.DLL : 8.1.2.4 430452 Bytes 7/23/2009 14:59:39

AEPACK.DLL : 8.2.0.0 422261 Bytes 9/18/2009 07:44:52

AEOFFICE.DLL : 8.1.0.38 196987 Bytes 7/23/2009 14:59:39

AEHEUR.DLL : 8.1.0.155 1921400 Bytes 9/18/2009 07:44:49

AEHELP.DLL : 8.1.7.0 237940 Bytes 9/18/2009 07:44:41

AEGEN.DLL : 8.1.1.63 364916 Bytes 9/18/2009 07:44:40

AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 19:32:40

AECORE.DLL : 8.1.8.1 184693 Bytes 9/18/2009 07:44:38

AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 19:32:40

AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 13:47:59

AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 15:32:15

AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 19:34:28

AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 15:32:09

AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 20:05:41

AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 15:37:08

SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 20:03:49

SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 13:21:33

NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 15:32:10

RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 20:39:58

RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 15:19:48

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:, D:,

Process scan........................: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Start of the scan: Friday, September 18, 2009 03:45

Starting search for hidden objects.

'110279' objects were checked, '0' hidden objects were found.

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'taskeng.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'VSSVC.exe' - '1' Module(s) have been scanned

Scan process 'msiexec.exe' - '1' Module(s) have been scanned

Scan process 'iexplore.exe' - '1' Module(s) have been scanned

Scan process 'FlashUtil10b.exe' - '1' Module(s) have been scanned

Scan process 'iexplore.exe' - '1' Module(s) have been scanned

Scan process 'iexplore.exe' - '1' Module(s) have been scanned

Scan process 'kbd.exe' - '1' Module(s) have been scanned

Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned

Scan process 'iexplore.exe' - '1' Module(s) have been scanned

Scan process 'iexplore.exe' - '1' Module(s) have been scanned

Scan process 'PresentationFontCache.exe' - '1' Module(s) have been scanned

Scan process 'sidebar.exe' - '1' Module(s) have been scanned

Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned

Scan process 'SPUVolumeWatcher.exe' - '1' Module(s) have been scanned

Scan process 'SnapfishMediaDetector.exe' - '1' Module(s) have been scanned

Scan process 'QuickDCF2.exe' - '1' Module(s) have been scanned

Scan process 'STImgBrowser.exe' - '1' Module(s) have been scanned

Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned

Scan process 'HPAdvisor.exe' - '1' Module(s) have been scanned

Scan process 'sidebar.exe' - '1' Module(s) have been scanned

Scan process 'pctsTray.exe' - '1' Module(s) have been scanned

Scan process 'realsched.exe' - '1' Module(s) have been scanned

Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'flashget.exe' - '1' Module(s) have been scanned

Scan process 'hpgs2wnd.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned

Scan process 'hpgs2wnf.exe' - '1' Module(s) have been scanned

Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'dwm.exe' - '1' Module(s) have been scanned

Scan process 'taskeng.exe' - '1' Module(s) have been scanned

Scan process 'HPHC_Service.exe' - '1' Module(s) have been scanned

Scan process 'taskeng.exe' - '1' Module(s) have been scanned

Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned

Scan process 'XAudio.exe' - '1' Module(s) have been scanned

Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'SLsvc.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'audiodg.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'nvvsvc.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'lsm.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'wininit.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

72 processes with 72 modules were scanned

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Master boot sector HD1

[INFO] No virus was found!

[INFO] Please restart the search with Administrator rights

Master boot sector HD2

[INFO] No virus was found!

[INFO] Please restart the search with Administrator rights

Master boot sector HD3

[INFO] No virus was found!

[INFO] Please restart the search with Administrator rights

Master boot sector HD4

[INFO] No virus was found!

[INFO] Please restart the search with Administrator rights

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'D:\'

[INFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '58' files ).

Starting the file scan:

Begin scan in 'C:\' <HP>

C:\hiberfil.sys

[WARNING] The file could not be opened!

[NOTE] This file is a Windows system file.

[NOTE] This file cannot be opened for scanning.

C:\pagefile.sys

[WARNING] The file could not be opened!

[NOTE] This file is a Windows system file.

[NOTE] This file cannot be opened for scanning.

C:\Program Files\beer\mbam.com.exe

[WARNING] The file could not be opened!

C:\Program Files\beer\mbam.com1.exe

[WARNING] The file could not be opened!

C:\Program Files\Malwarebytes' Anti-Malware\mbam.com.exe

[WARNING] The file could not be opened!

C:\Program Files\Malwarebytes' Anti-Malware\winlogo.exe.exe

[WARNING] The file could not be opened!

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

[WARNING] The file could not be opened!

C:\Qoobox\Quarantine\C\Program Files\ddnsFilter\DDnsFilter.dll.vir

[DETECTION] Is the TR/Agent.cwjg Trojan

C:\Qoobox\Quarantine\C\ProgramData\19740194\19740194.exe.vir

[DETECTION] Is the TR/PCK.Krap.X.230 Trojan

C:\Qoobox\Quarantine\C\Users\Boy Wonder\protect.dll.vir

[DETECTION] Is the TR/Scar.EF.4 Trojan

C:\Qoobox\Quarantine\C\Users\Boy Wonder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ChkDisk.dll.vir

[DETECTION] Is the TR/Scar.EF.4 Trojan

C:\Qoobox\Quarantine\C\Users\The Boss\protect.dll.vir

[DETECTION] Is the TR/Scar.EF.4 Trojan

C:\Qoobox\Quarantine\C\Users\The Boss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ChkDisk.dll.vir

[DETECTION] Is the TR/Scar.EF.4 Trojan

C:\Qoobox\Quarantine\C\Users\The Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ChkDisk.dll.vir

[DETECTION] Is the TR/Scar.EF.4 Trojan

C:\Qoobox\Quarantine\C\Windows\freddy63.exe.vir

[DETECTION] Is the TR/Downloader.Gen Trojan

C:\Qoobox\Quarantine\C\Windows\ld14.exe.vir

[DETECTION] Is the TR/Downloader.Gen Trojan

C:\Qoobox\Quarantine\C\Windows\mstre22.exe.vir

[DETECTION] Is the TR/Downloader.Gen Trojan

C:\Qoobox\Quarantine\C\Windows\System32\rotscxpmdcllgu.dll.vir

[DETECTION] Is the TR/Drop.TDss.D Trojan

C:\Qoobox\Quarantine\C\Windows\System32\rotscxtqvwdfnw.dll.vir

[DETECTION] Is the TR/Alureon.19456U.3 Trojan

C:\Qoobox\Quarantine\C\Windows\System32\UACeipxlqcxyp.dll.vir

[DETECTION] Is the TR/Alureon.BF.2 Trojan

C:\Qoobox\Quarantine\C\Windows\System32\UACkvsgeuunif.dll.vir

[DETECTION] Is the TR/PCK.Tdss.Y.33 Trojan

C:\Qoobox\Quarantine\C\Windows\System32\UACteeryyexce.dll.vir

[DETECTION] Is the TR/PCK.Tdss.Y.33 Trojan

C:\Qoobox\Quarantine\C\Windows\System32\UACturcmghevm.dll.vir

[DETECTION] Is the TR/Dldr.FraudLoa.WD Trojan

C:\Qoobox\Quarantine\C\Windows\System32\UACuttbqybqtw.dll.vir

[DETECTION] Is the TR/PCK.Tdss.Y.437 Trojan

C:\Qoobox\Quarantine\C\Windows\System32\config\systemprofile\protect.dll.vir

[DETECTION] Is the TR/Scar.EF.4 Trojan

C:\Qoobox\Quarantine\C\Windows\System32\drivers\UACtcwwevpvfn.sys.vir

[DETECTION] Contains recognition pattern of the RKIT/Agent.rrp root kit

C:\Users\Boy Wonder\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C2Z0TXOZ\ChatRepublicPlayer[1].cab

[0] Archive type: CAB (Microsoft)

--> ChatRepublicPlayer.ocx

[WARNING] No further files can be extracted from this archive. The archive will be closed

[WARNING] No further files can be extracted from this archive. The archive will be closed

C:\Users\The Dad\AppData\Local\Mozilla\Firefox\Profiles\0a9vcf0g.default\Cache\5363FDC5d01

[DETECTION] Contains HEUR/HTML.Malware suspicious code

C:\Users\The Dad\AppData\Local\Mozilla\Firefox\Profiles\0a9vcf0g.default\Cache\7D76DC4Ad01

[DETECTION] Contains HEUR/HTML.Malware suspicious code

C:\Users\The Dad\Downloads\Patents\zlsSetup_80_065_000_en_vista.exe

[0] Archive type: ZIP SFX (self extracting)

--> SWITCHUNINST_44ZONE LABS.EXE

[1] Archive type: RSRC

--> WINDOWS6.0-KB929547-V2-X64.MSU

[1] Archive type: CAB (Microsoft)

--> Windows6.0-KB929547-v2-x64.cab

[WARNING] No further files can be extracted from this archive. The archive will be closed

C:\Windows\srpira1252948977.eXE

[DETECTION] Is the TR/Crypt.PEPM.Gen Trojan

C:\Windows\System32\tftp.msc

[DETECTION] Is the TR/Dldr.Agent.wxk Trojan

C:\Windows\System32\drivers\FILTER.sys

[DETECTION] Is the TR/Agent.cwje Trojan

Begin scan in 'D:\' <FACTORY_IMAGE>

Beginning disinfection:

C:\Qoobox\Quarantine\C\Program Files\ddnsFilter\DDnsFilter.dll.vir

[DETECTION] Is the TR/Agent.cwjg Trojan

[NOTE] The file was moved to '4b2157c9.qua'!

C:\Qoobox\Quarantine\C\ProgramData\19740194\19740194.exe.vir

[DETECTION] Is the TR/PCK.Krap.X.230 Trojan

[NOTE] The file was moved to '4aea57be.qua'!

C:\Qoobox\Quarantine\C\Users\Boy Wonder\protect.dll.vir

[DETECTION] Is the TR/Scar.EF.4 Trojan

[NOTE] The file was moved to '4b2257f7.qua'!

C:\Qoobox\Quarantine\C\Users\Boy Wonder\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ChkDisk.dll.vir

[DETECTION] Is the TR/Scar.EF.4 Trojan

[NOTE] The file was moved to '4b1e57ed.qua'!

C:\Qoobox\Quarantine\C\Users\The Boss\protect.dll.vir

[DETECTION] Is the TR/Scar.EF.4 Trojan

[NOTE] The file was moved to '4dbedda8.qua'!

C:\Qoobox\Quarantine\C\Users\The Boss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ChkDisk.dll.vir

[DETECTION] Is the TR/Scar.EF.4 Trojan

[NOTE] The file was moved to '4c0b2d6e.qua'!

C:\Qoobox\Quarantine\C\Users\The Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ChkDisk.dll.vir

[DETECTION] Is the TR/Scar.EF.4 Trojan

[NOTE] The file was moved to '4b1e57ee.qua'!

C:\Qoobox\Quarantine\C\Windows\freddy63.exe.vir

[DETECTION] Is the TR/Downloader.Gen Trojan

[NOTE] The file was moved to '4b1857f8.qua'!

C:\Qoobox\Quarantine\C\Windows\ld14.exe.vir

[DETECTION] Is the TR/Downloader.Gen Trojan

[NOTE] The file was moved to '4ae457ea.qua'!

C:\Qoobox\Quarantine\C\Windows\mstre22.exe.vir

[DETECTION] Is the TR/Downloader.Gen Trojan

[NOTE] The file was moved to '4b2757f9.qua'!

C:\Qoobox\Quarantine\C\Windows\System32\rotscxpmdcllgu.dll.vir

[DETECTION] Is the TR/Drop.TDss.D Trojan

[NOTE] The file was moved to '4b2757f6.qua'!

C:\Qoobox\Quarantine\C\Windows\System32\rotscxtqvwdfnw.dll.vir

[DETECTION] Is the TR/Alureon.19456U.3 Trojan

[NOTE] The file was moved to '4db3ed77.qua'!

C:\Qoobox\Quarantine\C\Windows\System32\UACeipxlqcxyp.dll.vir

[DETECTION] Is the TR/Alureon.BF.2 Trojan

[NOTE] The file was moved to '4af657c8.qua'!

C:\Qoobox\Quarantine\C\Windows\System32\UACkvsgeuunif.dll.vir

[DETECTION] Is the TR/PCK.Tdss.Y.33 Trojan

[NOTE] The file was moved to '4c56e5d9.qua'!

C:\Qoobox\Quarantine\C\Windows\System32\UACteeryyexce.dll.vir

[DETECTION] Is the TR/PCK.Tdss.Y.33 Trojan

[NOTE] The file was moved to '4c11add9.qua'!

C:\Qoobox\Quarantine\C\Windows\System32\UACturcmghevm.dll.vir

[DETECTION] Is the TR/Dldr.FraudLoa.WD Trojan

[NOTE] The file was moved to '4c1f5611.qua'!

C:\Qoobox\Quarantine\C\Windows\System32\UACuttbqybqtw.dll.vir

[DETECTION] Is the TR/PCK.Tdss.Y.437 Trojan

[NOTE] The file was moved to '4c1c5e69.qua'!

C:\Qoobox\Quarantine\C\Windows\System32\config\systemprofile\protect.dll.vir

[DETECTION] Is the TR/Scar.EF.4 Trojan

[NOTE] The file was moved to '4b2257f9.qua'!

C:\Qoobox\Quarantine\C\Windows\System32\drivers\UACtcwwevpvfn.sys.vir

[DETECTION] Contains recognition pattern of the RKIT/Agent.rrp root kit

[NOTE] The file was moved to '4af657c9.qua'!

C:\Users\The Dad\AppData\Local\Mozilla\Firefox\Profiles\0a9vcf0g.default\Cache\5363FDC5d01

[DETECTION] Contains HEUR/HTML.Malware suspicious code

[NOTE] The detection was classified as suspicious.

[NOTE] The file was moved to '4ae957bb.qua'!

C:\Users\The Dad\AppData\Local\Mozilla\Firefox\Profiles\0a9vcf0g.default\Cache\7D76DC4Ad01

[DETECTION] Contains HEUR/HTML.Malware suspicious code

[NOTE] The detection was classified as suspicious.

[NOTE] The file was moved to '4aea57cc.qua'!

C:\Windows\srpira1252948977.eXE

[DETECTION] Is the TR/Crypt.PEPM.Gen Trojan

[NOTE] The file was moved to '4b2357fa.qua'!

C:\Windows\System32\tftp.msc

[DETECTION] Is the TR/Dldr.Agent.wxk Trojan

[NOTE] The file was moved to '4b2757ee.qua'!

C:\Windows\System32\drivers\FILTER.sys

[DETECTION] Is the TR/Agent.cwje Trojan

[NOTE] The file was moved to '4aff57d1.qua'!

End of the scan: Friday, September 18, 2009 05:48

Used time: 1:48:57 Hour(s)

The scan has been done completely.

25891 Scanned directories

525777 Files were scanned

22 Viruses and/or unwanted programs were found

2 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

24 Files were moved to quarantine

0 Files were renamed

7 Files cannot be scanned

525746 Files not concerned

3501 Archives were scanned

10 Warnings

26 Notes

110279 Objects were scanned with rootkit scan

0 Hidden objects were found
