diane Posted November 12, 2008 ID:34530

All this from opening one email from a person I know. I don't know what this means but it can't be good.

Malwarebytes' Anti-Malware 1.30
Database version: 1385
Windows 5.1.2600 Service Pack 3

11/11/2008 7:46:37 PM
mbam-log-2008-11-11 (19-46-37).txt

Scan type: Full Scan (C:\|)
Objects scanned: 100427
Time elapsed: 42 minute(s), 41 second(s)

Memory Processes Infected: 5
Memory Modules Infected: 3
Registry Keys Infected: 20
Registry Values Infected: 8
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 28

Memory Processes Infected:
C:\Program Files\tinyproxy\tinyproxy.exe (Trojan.Proxy) -> Unloaded process successfully.
C:\Program Files\Applications\iebtm.exe (Trojan.Zlob) -> Unloaded process successfully.
C:\Program Files\Applications\iebtmm.exe (Trojan.Zlob) -> Unloaded process successfully.
C:\Program Files\Applications\wcm.exe (Trojan.Zlob) -> Unloaded process successfully.
C:\Program Files\Applications\wcs.exe (Trojan.Zlob) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\367770\367770.dll (Trojan.BHO) -> Delete on reboot.
C:\Program Files\Applications\iebr.dll (Trojan.Zlob) -> Delete on reboot.
C:\Program Files\Applications\iebt.dll (Trojan.Zlob) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cad68085-8805-4fd3-aa1e-2e282ed7e7a2} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cad68085-8805-4fd3-aa1e-2e282ed7e7a2} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cad68085-8805-4fd3-aa1e-2e282ed7e7a2} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e43b6656-814b-4839-8ff8-affde0da9a3f} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e43b6656-814b-4839-8ff8-affde0da9a3f} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8710df42-3171-4a3b-9079-3f7d7101552b} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8710df42-3171-4a3b-9079-3f7d7101552b} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8710df42-3171-4a3b-9079-3f7d7101552b} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\apple mobile device (apple mobile device) (Trojan.Proxy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\apple mobile device (apple mobile device) (Trojan.Proxy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\apple mobile device (apple mobile device) (Trojan.Proxy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEBrowse Tool (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Bar (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Warning Center (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{e43b6656-814b-4839-8ff8-affde0da9a3f} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{e43b6656-814b-4839-8ff8-affde0da9a3f} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysftray2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\start (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\smile (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\TinyProxy (Trojan.Proxy) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\367770\367770.dll (Trojan.BHO) -> Delete on reboot.
C:\Program Files\Applications\iebr.dll (Trojan.Zlob) -> Delete on reboot.
C:\Program Files\Applications\iebt.dll (Trojan.Zlob) -> Delete on reboot.
C:\Program Files\TinyProxy\tinyproxy.exe (Trojan.Proxy) -> Quarantined and deleted successfully.
C:\WINDOWS\fmark2.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\bolivar25.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Administrator\My Documents\My Music\My Music.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\My Documents\My Pictures\My Pictures.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\My Documents\My Videos\My Video.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\My Documents\My Documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\iebtm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\iebtmm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\iebtu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\iebu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\wcm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\wcs.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\wcu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Favorites\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\Online Antispyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Online Antispyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Desktop\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.

JeanInMontana Posted November 13, 2008 ID:34605

Hi Diane and welcome to Malwarebytes. It may not have been your friend; the address could have been spoofed. To be sure, please have your friend download MBAM and scan also.

Please update MBAM and run a new quick scan and post that log, be sure to remove all items found, and post that log. Then I need a log from this program too, please.

Please get HiJack This! Install it to C:\Program Files
Close all programs leaving only HijackThis running, and click on scan and save a log. Post that log as a reply here in the body of the post, not as an attachment.

Post the MBAM log and then HJT in the same post. Be sure you have allowed email from this site and chosen to receive email notification of threads you have posted to.