
Inactive Win32 and Trojan virus

Discussion in 'Malware and Virus Removal Archive' started by julia07, 2010/10/19.

Thread Status:
Not open for further replies.
  1. 2010/10/19
    julia07

    julia07 Inactive Thread Starter

    Joined:
    2010/10/19
    Messages:
    9
    Likes Received:
    0
    [Inactive] Win32 and Trojan virus

    I have a problem regarding my anti-virus. I downloaded avast as my anti-virus but it wasn't able to detect the virus. What can I do to remove the malware and the other viruses? Thank you.

    Here is the attached dds.txt:

    DDS (Ver_10-10-10.03) - NTFSx86
    Run by administrator at 10:48:41.84 on Wed 10/20/2010
    Internet Explorer: 5.00.2920.0000
    Microsoft Windows 2000 Professional 5.0.2195.0.1252.1.1033.18.223.27 [GMT 7:00]


    ============== Running Processes ===============

    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINNT\System32\E_S00RP1.EXE
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\mspmspsv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINNT\Explorer.exe
    C:\WINNT\SOUNDMAN.EXE
    C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE
    C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATIAIP.EXE
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Microsoft Office\Office\EXCEL.EXE
    C:\Program Files\Alwil Software\Avast4\setup\avast.setup
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Administrator\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    uSearch Bar = hxxp://www.yahoo.com/search/ie.html
    mStart Page = hxxp://www.yahoo.com/
    mDefault_Page_URL = hxxp://www.yahoo.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    mDefault_Search_Url = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    uInternet Settings,ProxyServer = 192.168.1.2:3128
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
    BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn2\yt.dll
    TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
    EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
    uRun: [\\JHESA\EPSON Stylus Photo R230 Series] c:\winnt\system32\spool\drivers\w32x86\3\e_fatiaip.exe /fu "c:\docume~1\admini~1\locals~1\temp\E_S9.tmp" /EF "HKCU "
    uRun: [\\JHESA\EPSON Stylus Photo R230 Series (Copy 1)] c:\winnt\system32\spool\drivers\w32x86\3\e_fatiaip.exe /fu "c:\docume~1\admini~1\locals~1\temp\E_S6.tmp" /EF "HKCU "
    uRun: [\\George\EPSON Stylus Photo R230 Series (Copy 2)] c:\winnt\system32\spool\drivers\w32x86\3\e_fatiaip.exe /fu "c:\docume~1\admini~1\locals~1\temp\E_S84.tmp" /EF "HKCU "
    uRun: [\\George\EPSON Stylus Photo R230 Series (Copy 1)] c:\winnt\system32\spool\drivers\w32x86\3\e_fatiaip.exe /fu "c:\docume~1\admini~1\locals~1\temp\E_S87.tmp" /EF "HKCU "
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    mRun: [HPDJ Taskbar Utility] c:\winnt\system32\spool\drivers\w32x86\3\hpztsb04.exe
    mRun: [Synchronization Manager] mobsync.exe /logon
    mRun: [EPSON Stylus C45 Series] c:\winnt\system32\spool\drivers\w32x86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O5 "LPT1:" /M "Stylus C45 "
    mRun: [EPSON Stylus C45 Series (Copy 2)] c:\winnt\system32\spool\drivers\w32x86\3\E_S4I3T1.EXE /P32 "EPSON Stylus C45 Series (Copy 2)" /O6 "USB002" /M "Stylus C45 "
    mRun: [\\mitch\EPSON Stylus C45 Series] c:\winnt\system32\spool\drivers\w32x86\3\e_s4i3t1.exe /p31 "\\mitch\EPSON Stylus C45 Series" /O6 "USB002" /M "Stylus C45 "
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [\\LANIE\EPSON Stylus C45 Series] c:\winnt\system32\spool\drivers\w32x86\3\e_s4i3t1.exe /p31 "\\lanie\EPSON Stylus C45 Series" /O6 "USB002" /M "Stylus C45 "
    mRun: [Ulead AutoDetector] c:\program files\ulead systems\ulead photo explorer 8.0 se basic\Monitor.exe
    mRun: [\\JHESA\EPSON Stylus C45 Series] c:\winnt\system32\spool\drivers\w32x86\3\e_s4i3t1.exe /p31 "\\jhesa\EPSON Stylus C45 Series" /O6 "USB002" /M "Stylus C45 "
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
    DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {31564D57-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmvax.cab
    DPF: {32564D57-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv8ax.cab
    DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\7fevzmpq.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npkimi.dll
    FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;avast! Self Protection;c:\winnt\system32\drivers\aswSP.sys [2010-10-11 114768]
    R2 aswMon;avast! Standard Shield Support;c:\winnt\system32\drivers\aswmon.sys [2010-10-11 93296]
    S3 AutorunDirectIO;AutorunDirectIO;\??\f:\autorun\diodrvr.sys --> f:\autorun\DIODrvr.sys [?]

    =============== Created Last 30 ================

    2010-10-19 10:04:39 -------- d-----w- c:\docume~1\admini~1\applic~1\TeamViewer
    2010-10-19 10:04:08 -------- d-----w- c:\program files\TeamViewer

    ==================== Find3M ====================


    ============= FINISH: 10:59:19.48 ===============



    attached text

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-10.03)

    Microsoft Windows 2000 Professional
    Boot Device: \Device\Harddisk0\Partition1
    Install Date:
    System Uptime: (971314 hours ago)

    Motherboard: ECS | | 661GX-M2
    Processor: Unknown Intel processor | socket 478 | 2000/100mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 39 GiB total, 30.612 GiB free.
    D: is FIXED (NTFS) - 35 GiB total, 26.18 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    A4 Tech USB PC Camera
    Adobe Acrobat 4.0
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop 7.0
    avast! Antivirus
    Camera Support
    Digital Video
    DirectX 8 Hotfix - KB839643
    HijackThis 1.99.1
    Imikimi Plugin
    Microsoft Office 2000 Premium
    Microsoft Office 2000 Professional
    Microsoft Web Publishing Wizard 1.52
    Mozilla Firefox (3.0.19)
    Outlook Express Q837009
    PIF DESIGNER2.1
    QuickTime
    RealPlayer
    ScanToWeb
    Sierra PhotoExpert
    SiS 900 PCI Fast Ethernet Adapter Driver
    SiS VGA Utilities
    SiSAGP driver
    Skype Toolbars
    Skype™ 4.2
    Spybot - Search & Destroy 1.4
    SpywareBlaster v3.5.1
    Taiwan Furniture - June 2002 Issue
    TeamViewer 5
    Ulead Photo Explorer 8.0 SE Basic
    VIA Audio Driver Setup Program
    WebFldrs
    Windows Media Player system update (9 Series)
    WinZip
    WOWpapers utility
    XVID Codec Installation
    Yahoo! Toolbar

    ==== End Of File ==========================


    thank you
    julia
     
  2. 2010/10/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning! Please, do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     


  4. 2010/10/20
    julia07

    julia07 Inactive Thread Starter

    Joined:
    2010/10/19
    Messages:
    9
    Likes Received:
    0
    I wasn't able to download Malwarebytes' Anti-Malware. My computer is Windows 2000; is it compatible? Can I have some ways to download it, or can you give me another?
    Can I use the other MBAM set-up from another computer?
    thank you...
     
  5. 2010/10/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Let me know, what exactly happened.
    Did you have a problem with downloading, or installing MBAM?
    Any error messages?
     
  6. 2010/10/20
    julia07

    julia07 Inactive Thread Starter

    Joined:
    2010/10/19
    Messages:
    9
    Likes Received:
    0
    Yes, I have a problem downloading the MBAM, and then I tried to install the MBAM set-up from the other computer and during my installation it stated: "An error has occurred", please report this error code to our support team. MBAM_ERROR_LOAD_MD5(-2146893799,0) the key set is not defined...
    Thank you.
     
  7. 2010/10/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Proceed with two other steps and then....

    Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/


    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    • Close SUPERAntiSpyware.
    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    • Open SUPERAntiSpyware.
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Copy and paste the Scan Log results in your next reply with a new HijackThis log.
    • Click Close to exit the program.

    Post SUPERAntiSpyware log.
     
  8. 2010/10/20
    julia07

    julia07 Inactive Thread Starter

    Joined:
    2010/10/19
    Messages:
    9
    Likes Received:
    0
    I can't post superantispyware log here..
    It's too long. What can I do? Is SUPERAntiSpyware applicable to remove all the viruses in my computer? Is this advisable? What can I do? I'm still confused. The viruses found are almost 500 plus. Hope I can post the log here so you all can analyze the result of the scan using SUPERAntiSpyware.
    thank you...
     
  9. 2010/10/20
    julia07

    julia07 Inactive Thread Starter

    Joined:
    2010/10/19
    Messages:
    9
    Likes Received:
    0
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 10/21/2010 at 10:37 AM

    Application Version : 4.44.1000

    Core Rules Database Version : 5610
    Trace Rules Database Version: 3422

    Scan type : Quick Scan
    Total Scan Time : 00:42:19

    Memory items scanned : 311
    Memory threats detected : 0
    Registry items scanned : 1313
    Registry threats detected : 39
    File items scanned : 19377
    File threats detected : 513

    Adware.Tracking Cookie
    C:\Documents and Settings\Administrator\Cookies\administrator@clicksor[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@roiservice[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@www.findarticles[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@s[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@ads.realtechnetwork[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@azjmp[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@cgi-bin[4].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@xiti[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@findyourfaith[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@iframe.mediaplazza[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@www.clickxchange[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@data2.perf.overture[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@data1.perf.overture[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@cgi-bin[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@bravenet[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@dealtime[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@revsci[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@msnportal.112.2o7[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@perf.overture[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@2o7[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@www.filipinodatefinder[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@qksrv[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@stat.onestat[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@citi.bridgetrack[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@usatoday1.112.2o7[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@overture[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@qnsr[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@www.dealtime[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@ads.addynamix[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@crackle[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@cgi-bin[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@208.122.40[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@edge.ru4[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@atwola[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@quebec.indymedia[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@nextag[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@minibite.sitetracker[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@image.masterstats[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@weborama[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@smileycentral[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@ignitehealth.122.2o7[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@media.clickfly[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@indextools[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@adserv.mystarmedia[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@burstnet[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@ad[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@server.iad.liveperson[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@entrepreneurs.suite101[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@1072648140[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@a.findarticles[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@web-stat[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@data4.perf.overture[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@tripod[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@i[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@windowsmedia[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@www.windowsmedia[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@ads.pointroll[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@stat.dealtime[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@keywordmax[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@adinterax[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@www.burstnet[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@adv.webmd[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@www.emp3finder[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@countrycodes[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@ads.monster[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@bizrate[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@209.9.174[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@1.marketbanker[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@tacoda[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@insightexpressai[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@realmedia[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@metacafe.122.2o7[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@webstats4u[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@ads.glispa[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@web4.realtracker[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@www2.mystats[2].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@media6degrees[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@microsoftwindows.112.2o7[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@richmedia.yahoo[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@ads.hitsquad[1].txt
    C:\Documents and Settings\Administrator\Cookies\administrator@login.tracking101[2].txt
    crackle.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\CYTHQ5BB ]
    googleads.g.doubleclick.net [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\CYTHQ5BB ]
    interclick.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\CYTHQ5BB ]
    media.fliptrack.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\CYTHQ5BB ]
    media.moblyng.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\CYTHQ5BB ]
    media.scanscout.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\CYTHQ5BB ]
    media.tattomedia.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\CYTHQ5BB ]
    media.y8.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\CYTHQ5BB ]
    media01.kyte.tv [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\CYTHQ5BB ]
    secure-us.imrworldwide.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\CYTHQ5BB ]
    ad.yieldmanager.com [ C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7fevzmpq.default\cookies.sqlite ]
     
  10. 2010/10/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I assume, this is not a whole log?
    If it's really big.....

    Upload the file(s) here: http://www.filedropper.com/
    Post download link (copy URL: link):
     
  11. 2010/10/21
    julia07

    julia07 Inactive Thread Starter

    Joined:
    2010/10/19
    Messages:
    9
    Likes Received:
    0
  12. 2010/10/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Unfortunately, that site seems to be having some problems at the moment.
    I can't access it.
    I can try later, or you can try another site: http://uploadmb.com/
     
  13. 2010/10/21
    julia07

    julia07 Inactive Thread Starter

    Joined:
    2010/10/19
    Messages:
    9
    Likes Received:
    0
  14. 2010/10/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 10/21/2010 at 10:37 AM

    Application Version : 4.44.1000

    Core Rules Database Version : 5610
    Trace Rules Database Version: 3422

    Scan type : Quick Scan
    Total Scan Time : 00:42:19

    Memory items scanned : 311
    Memory threats detected : 0
    Registry items scanned : 1313
    Registry threats detected : 39
    File items scanned : 19377
    File threats detected : 513

    Adware.Tracking Cookie
    [tracking cookies omitted - Broni]

    Adware.Smart-Browser
    HKCR\CLSID\{00000186-C745-43D2-44F1-01A1C789C738}
    HKCR\CLSID\{00000186-C745-43D2-44F1-01A1C789C738}\InprocServer32

    Adware.WhenU
    HKCR\ACM.ACMFactory
    HKCR\ACM.ACMFactory\CLSID
    HKCR\ACM.ACMFactory\CurVer
    HKCR\ACM.ACMFactory.1
    HKCR\ACM.ACMFactory.1\CLSID
    HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}
    HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid
    HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid32
    HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib
    HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib#Version
    HKCR\AppId\{127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB}
    HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}
    HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}#AppID
    HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\InprocServer32
    HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\InprocServer32#ThreadingModel
    HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\ProgID
    HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\Programmable
    HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\TypeLib
    HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\VersionIndependentProgID
    HKCR\AppId\ACM.DLL
    HKCR\AppId\ACM.DLL#AppID
    HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}
    HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0
    HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\0
    HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\0\win32
    HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\FLAGS
    HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\HELPDIR
    HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}
    HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid
    HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid32
    HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib
    HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib#Version
    HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}
    HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid
    HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid32
    HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib
    HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib#Version
    C:\Program Files\Save\ACM.dll
    C:\Program Files\Save\store.db
    C:\Program Files\Save

    Trojan.Conficker/Variant
    C:\WINNT\SYSTEM32\VTJBFE.DLL
    C:\WINNT\SYSTEM32\VTJBFE.KM

    Trojan.Agent/Gen-FakeAlert
    D:\KAHITANO\BACKUP\PRGFILES\CALIBRE INC\PRINTCONNECT\PRINTCONNECT UNINSTALL.EXE

    Trojan.Agent/Gen-Koobface[Bonkers]
    D:\KAHITANO\BACKUP\PRGFILES\CALIBRE INC\PRINTCONNECT\XSENDREG.EXE
     
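The moderator trimmed the log above by hand because hundreds of tracking-cookie entries buried the four detections that actually matter (a registered COM object, the WhenU "Save" adware, and two files in SYSTEM32 flagged as a Conficker variant). The script below is an added example, not a tool from SUPERAntiSpyware or from anyone in this thread: it parses a SUPERAntiSpyware scan log in the layout quoted above (header "name : value" lines, then blank-line-separated blocks whose first line is the threat name), separates cookie hits from everything else, flags items living under the Windows system directory, and re-emits the log with the cookie block collapsed to a count so it fits in a forum post. The log format rules and the sample log (a constructed cut-down of the one posted above) are assumptions inferred from this page.

```python
"""Triage a SUPERAntiSpyware scan log: keep the detections a human must read,
collapse the tracking-cookie noise. Added example for this thread; the log
layout is inferred from the log quoted in the post above."""
import re

HEADER_RE = re.compile(r"^(Memory|Registry|File) (items scanned|threats detected)\s*:\s*(\d+)$")
REGISTRY_RE = re.compile(r"^HK(?:CR|CU|LM|U|CC)\\", re.IGNORECASE)
FILE_RE = re.compile(r"^[A-Za-z]:\\")
BROWSER_STORE_RE = re.compile(r"^\S+ \[ .+ \]$")          # 'domain [ path ]' Flash/Firefox entries
SYSTEM_DIR_RE = re.compile(r"^[A-Za-z]:\\(?:WINNT|WINDOWS)\\SYSTEM32\\", re.IGNORECASE)
COOKIE_CATEGORY = "Adware.Tracking Cookie"

# Constructed sample: a shortened copy of the log posted in this thread.
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/21/2010 at 10:37 AM

Scan type : Quick Scan
Total Scan Time : 00:42:19

Memory items scanned : 311
Memory threats detected : 0
Registry items scanned : 1313
Registry threats detected : 39
File items scanned : 19377
File threats detected : 513

Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@clicksor[1].txt
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[2].txt
crackle.com [ C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\CYTHQ5BB ]

Adware.Smart-Browser
HKCR\CLSID\{00000186-C745-43D2-44F1-01A1C789C738}
HKCR\CLSID\{00000186-C745-43D2-44F1-01A1C789C738}\InprocServer32

Adware.WhenU
HKCR\ACM.ACMFactory
C:\Program Files\Save\ACM.dll
C:\Program Files\Save

Trojan.Conficker/Variant
C:\WINNT\SYSTEM32\VTJBFE.DLL
C:\WINNT\SYSTEM32\VTJBFE.KM
"""


def classify(item):
    """Registry key, file path, browser storage entry, or something we don't recognise."""
    if REGISTRY_RE.match(item):
        return "registry"
    if FILE_RE.match(item):
        return "file"
    if BROWSER_STORE_RE.match(item):
        return "browser_store"
    return "unknown"


def parse_stats(text):
    """Pull the 'X items scanned / threats detected' counters out of the header."""
    stats = {}
    for line in text.splitlines():
        m = HEADER_RE.match(line.strip())
        if m:
            stats[f"{m.group(1)} {m.group(2)}"] = int(m.group(3))
    return stats


def parse_detections(text):
    """Map threat category -> list of items. A detection block is a blank-line-separated
    block whose first line is a bare category name and whose remaining lines all
    classify as registry/file/browser entries; header blocks are skipped."""
    detections = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        if len(lines) < 2:
            continue
        head, items = lines[0], lines[1:]
        if ":" in head or head.startswith("http"):
            continue                      # 'Scan type : Quick Scan' and similar
        if all(classify(i) != "unknown" for i in items):
            detections.setdefault(head, []).extend(items)
    return detections


def triage(text):
    """Split cookie noise from detections needing review; flag system-directory files."""
    detections = parse_detections(text)
    attention = {c: i for c, i in detections.items() if c != COOKIE_CATEGORY}
    system_hits = [i for items in attention.values() for i in items if SYSTEM_DIR_RE.match(i)]
    return {
        "stats": parse_stats(text),
        "cookie_count": len(detections.get(COOKIE_CATEGORY, [])),
        "attention": attention,
        "system_dir_hits": system_hits,
    }


def condense(text):
    """Re-emit the log with the cookie block replaced by a one-line count (what the
    moderator did by hand), leaving every other block untouched."""
    out = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        if lines and lines[0].strip() == COOKIE_CATEGORY:
            n = sum(1 for l in lines[1:] if l.strip())
            out.append(f"{COOKIE_CATEGORY}\n[{n} tracking cookies omitted]")
        else:
            out.append(block)
    return "\n\n".join(out)


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['cookie_count']} cookie hits collapsed; review these categories:")
    for category, items in report["attention"].items():
        print(f"  {category}: {len(items)} item(s)")
    print("system directory files:", report["system_dir_hits"])
    print()
    print(condense(SAMPLE_LOG))
```

Running it on the full log would have produced the same summary the moderator posted: the cookie count, then Smart-Browser, WhenU and the Conficker variant with their registry keys and paths intact. The system-directory check is the line a responder looks at first, since a random-named DLL under SYSTEM32 is far more significant than a hundred advertising cookies.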
  15. 2010/10/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Now, I need GMER and MBRCheck logs.
     
  16. 2010/10/22
    julia07

    julia07 Inactive Thread Starter

    Joined:
    2010/10/19
    Messages:
    9
    Likes Received:
    0
    What will I do?
     
  17. 2010/10/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, read my reply #2.
     