Post by Alli on Aug 18, 2013 1:48:41 GMT 1
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.08.17.04
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Administrator :: PALL [administrator]
8/17/2013 5:55:26 PM
mbam-log-2013-08-17 (17-55-26).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 271230
Time elapsed: 42 minute(s), 1 second(s)
Memory Processes Detected: 4
C:\Documents and Settings\Administrator\Application Data\88CB8\0CE03.exe (Trojan.Dropper.PE4) -> 1384 -> Delete on reboot.
C:\Program Files\LP\03E8\8F8.exe (Trojan.Dropper.PE4) -> 1600 -> Delete on reboot.
C:\Documents and Settings\Administrator\Application Data\Microsoft\conhost.exe (Backdoor.Bot) -> 1844 -> Delete on reboot.
C:\Program Files\B80E0\lvvm.exe (Trojan.Dropper.PE4) -> 220 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|8F8.exe (Trojan.Dropper.PE4) -> Data: C:\Program Files\LP\03E8\8F8.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|conhost (Backdoor.Bot) -> Data: C:\Documents and Settings\Administrator\Application Data\Microsoft\conhost.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|D61.exe (Trojan.Dropper.PE4) -> Data: C:\Program Files\LP\96F8\D61.exe -> Quarantined and deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|rwdvgudy (Trojan.FakeAV) -> Data: C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\ohjahvfsl\hgipnyotsbl.exe -> Quarantined and deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|oMmLo01200 (Rogue.Installer) -> Data: C:\Documents and Settings\All Users\Application Data\oMmLo01200\oMmLo01200.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen) -> Data: explorer.exe,C:\Documents and Settings\Administrator\Application Data\88CB8\0CE03.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoFolderOptions (Hijack.FolderOptions) -> Data: 1 -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:53152 -> Quarantined and deleted successfully.
Registry Data Items Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Folders Detected: 2
C:\Documents and Settings\Administrator\Application Data\Wolfram Antivirus (Rogue.WolfRamAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Start Menu\Programs\Wolfram Antivirus (Rogue.WolfRamAntiVirus) -> Quarantined and deleted successfully.
Files Detected: 48
C:\Documents and Settings\Administrator\Application Data\88CB8\0CE03.exe (Trojan.Dropper.PE4) -> Delete on reboot.
C:\Program Files\LP\03E8\8F8.exe (Trojan.Dropper.PE4) -> Delete on reboot.
C:\Documents and Settings\Administrator\Application Data\Microsoft\conhost.exe (Backdoor.Bot) -> Delete on reboot.
C:\Program Files\B80E0\lvvm.exe (Trojan.Dropper.PE4) -> Delete on reboot.
C:\Program Files\LP\96F8\D61.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\ohjahvfsl\hgipnyotsbl.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\oMmLo01200\oMmLo01200.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Admin\Application Data\dwm.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Admin\Application Data\Microsoft\conhost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\dwm.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\88CB8\72696.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Wolfram Antivirus\csrss.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Wolfram Antivirus\Wolfram Antivirus.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Aph\Application Data\Microsoft\conhost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\firefox.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\88CB8\0CE03.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\88CB8\72696.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\B80E0\lvvm.exe (Trojan.Gbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\Microsoft\03E8\2.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\Microsoft\03E8\16.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\Microsoft\03E8\1D.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\Microsoft\03E8\1E.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\Microsoft\03E8\40.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\Microsoft\03E8\42.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\Microsoft\03E8\5.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\Microsoft\03E8\57.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\Microsoft\03E8\58.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\Microsoft\03E8\6.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\Microsoft\03E8\8.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\Microsoft\03E8\20.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\Microsoft\03E8\21.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\Microsoft\03E8\27.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\Microsoft\03E8\29.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\Microsoft\03E8\2B.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\Microsoft\03E8\2C.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\Microsoft\03E8\3.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\Microsoft\03E8\34.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\Microsoft\03E8\8F8.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\Microsoft\03E8\90.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\Microsoft\03E8\A.tmp (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\Microsoft\03E8\F.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\Microsoft\96F8\1.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\Microsoft\96F8\7.exe (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Application Data\Microsoft\96F8\D61.exe (Trojan.Gbot) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\My Documents\Downloads\freesystemscan.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Wolfram Antivirus\wf.conf (Rogue.WolfRamAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Wolfram Antivirus\Wolfram Antivirus.ico (Rogue.WolfRamAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Start Menu\Programs\Wolfram Antivirus\Wolfram Antivirus.lnk (Rogue.WolfRamAntiVirus) -> Quarantined and deleted successfully.
(end)