Once again, thanks for the help. Here are the logs you requested.
Regards,
Roger

ComboFix 08-07-10.1 - Martin 2008-07-11 15:01:09.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1106 [GMT 1:00]
Running from: C:\Users\Martin\Desktop\ComboFix.exe
Command switches used :: C:\Users\Martin\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\AskSBar
C:\Program Files\DNA
C:\Program Files\DNA\btdna.exe
C:\Program Files\DNA\DNAcpl.cpl
C:\Program Files\DNA\plugins\npbtdna.dll
.
((((((((((((((((((((((((( Files Created from 2008-06-11 to 2008-07-11 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-11 13:45 --------- d-----w C:\Users\Martin\AppData\Roaming\HP
2008-07-11 13:45 --------- d-----w C:\Users\Martin\AppData\Roaming\CyberLink
2008-07-11 13:45 --------- d-----w C:\ProgramData\HP
2008-07-11 09:46 --------- d-----w C:\Users\Martin\AppData\Roaming\DNA
2008-07-10 12:02 174 --sha-w C:\Program Files\desktop.ini
2008-07-10 02:36 --------- d-----w C:\Program Files\Windows Mail
2008-07-07 12:09 --------- d-----w C:\Users\Martin\AppData\Roaming\LimeWire
2008-07-06 10:17 --------- d-----w C:\Program Files\Java
2008-07-05 19:35 --------- d-----w C:\Program Files\Alwil Software
2008-07-05 19:00 --------- d-----w C:\ProgramData\Comodo
2008-07-05 18:52 --------- d-----w C:\Program Files\Windows Live
2008-07-05 18:49 --------- d-----w C:\ProgramData\BOC426
2008-07-05 18:48 --------- d-----w C:\Program Files\Comodo
2008-07-05 18:46 262,144 ----a-w C:\Program Files\Uninstall Ask Toolbar.dll
2008-07-05 18:46 249,592 ----a-w C:\Windows\System32\cssdll32.dll
2008-07-05 18:41 85,008 ----a-w C:\Windows\system32\drivers\cmdguard.sys
2008-07-05 18:41 25,104 ----a-w C:\Windows\system32\drivers\cmdhlp.sys
2008-07-05 18:41 143,104 ----a-w C:\Windows\System32\guard32.dll
2008-07-05 18:41 --------- d-----w C:\Users\Martin\AppData\Roaming\Comodo
2008-07-05 18:17 499,712 ----a-w C:\Windows\System32\msvcp71.dll
2008-07-05 18:17 434,252 ----a-w C:\Windows\System32\MSVCRTD.DLL
2008-07-05 18:17 348,160 ----a-w C:\Windows\System32\msvcr71.dll
2008-07-05 18:17 216,576 ----a-w C:\Windows\System32\monln.dll
2008-07-05 18:17 1,060,864 ----a-w C:\Windows\System32\MFC71.dll
2008-07-05 16:55 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-07-05 16:32 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-05 16:13 --------- d-----w C:\ProgramData\Kaspersky Lab
2008-07-05 13:37 --------- d-----w C:\ProgramData\ADSL Software Ltd
2008-07-05 13:34 --------- d---a-w C:\ProgramData\TEMP
2008-07-05 13:30 3,022,457 --sh--w C:\Users\Martin\rundll32.exe
2008-07-05 12:25 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-05 12:22 --------- d-----w C:\ProgramData\Symantec
2008-07-05 11:50 --------- d-----w C:\Program Files\SpywareBlaster
2008-07-05 10:51 --------- d-----w C:\Users\Martin\AppData\Roaming\Sony Corporation
2008-07-05 10:50 --------- d-----w C:\ProgramData\SonicStage
2008-07-05 10:45 --------- d-----w C:\Program Files\Common Files\Sony Shared
2008-07-05 10:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-05 10:44 --------- d-----w C:\Program Files\Sony
2008-07-05 10:37 --------- d-----w C:\ProgramData\Sony Corporation
2008-07-04 20:37 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-04 20:24 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-07-04 20:19 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-04 20:07 --------- d-----w C:\ProgramData\WLInstaller
2008-07-04 19:15 --------- d-----w C:\ProgramData\CyberLink
2008-07-04 17:49 --------- d-----w C:\Program Files\Windows Sidebar
2008-07-04 17:35 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-07-04 17:35 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-07-04 17:34 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-07-04 17:34 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-07-04 17:33 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-07-04 17:33 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-07-04 17:33 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-07-04 17:33 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-07-04 17:30 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-07-04 17:30 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-07-04 17:30 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-07-04 17:30 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-07-04 17:30 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-07-04 17:29 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-07-04 17:27 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-07-04 17:27 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-07-04 17:27 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-07-04 17:27 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-07-04 17:26 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-07-04 17:26 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-07-04 17:26 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-07-04 17:26 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-07-04 17:26 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys
2008-07-04 17:25 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-07-04 17:24 83,968 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-07-04 17:24 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-04 17:24 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-04 17:24 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-04 17:24 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-07-04 17:24 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-04 17:24 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-04 17:24 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-04 17:24 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-07-04 17:23 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-07-04 17:23 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2008-07-04 17:23 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-07-04 17:23 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-07-04 17:23 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-07-04 17:22 428,032 ----a-w C:\Windows\System32\EncDec.dll
2008-07-04 17:22 292,352 ----a-w C:\Windows\System32\psisdecd.dll
2008-07-04 17:22 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-07-04 17:22 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-07-04 17:21 --------- d-----w C:\Program Files\MSXML 4.0
2008-07-04 17:19 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-07-04 17:19 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-07-04 17:19 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-07-04 17:19 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-07-04 17:17 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-04 16:47 53,080 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-04 16:47 43,352 ----a-w C:\Windows\System32\wups2.dll
2008-07-04 16:47 1,712,984 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-04 16:47 1,524,224 ----a-w C:\Windows\System32\wucltux.dll
2008-07-04 16:46 80,896 ----a-w C:\Windows\System32\wudriver.dll
2008-07-04 16:46 549,720 ----a-w C:\Windows\System32\wuapi.dll
2008-07-04 16:46 33,624 ----a-w C:\Windows\System32\wups.dll
.
((((((((((((((((((((((((((((( snapshot@2008-07-11_11.44.27.91 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-11 10:33:54 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-07-11 13:30:33 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-07-11 10:33:57 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-11 13:42:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-07-11 10:33:57 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-11 13:42:45 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-11 10:33:57 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-11 13:42:45 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-10 19:58:54 216,840 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2008-07-11 13:30:35 220,752 ----a-w C:\Windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-07-04 18:25 1232896]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-02 00:10 1783136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-28 09:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-28 09:06 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-28 09:06 81920]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 09:29 102400]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-10-03 05:00 181544]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-06 21:46 202032]
"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 07:13 218408]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 11:06 40048]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-09 00:24 54840]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 16:47 480560]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 23:53 311296]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"COMODO SafeSurf"="C:\Program Files\COMODO\SafeSurf\cssurf.exe" [2008-07-05 19:46 278264]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\cfp.exe" [2008-07-05 19:41 1655552]
"BOC-426"="C:\PROGRA~1\Comodo\CBOClean\BOC426.exe" [2008-04-10 11:08 351480]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 00:19 79224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-679001292-66422414-1588714111-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F41ECE71-C64E-4922-8123-95BA4AE84324}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{40CAB336-B0A5-410A-A6E0-17B4FBD42F9F}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{36409F86-A6D2-45D2-9BE5-EFD1AC64413C}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{67EED7DB-DD87-43A4-ADD4-7F4848BD017E}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{04F37E9B-95A9-4956-A065-2B307F20DA94}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{DEAE9CAE-BB15-48BF-8E51-07B65C56F27E}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{B0049295-A23F-49CC-B9C4-AB5B3B13E62B}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{71CC8D69-5FB0-47A6-933A-C4F2297F5E55}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2B488174-4A70-4C64-90C1-2E6CBFD4C4BB}"= UDP:C:\Windows\System32\ftp.exe:FileTransferProtocol
"{D3835FFD-8245-4258-B70F-7E85624DF82C}"= TCP:C:\Windows\System32\ftp.exe:FileTransferProtocol
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DisabledInterfaces"= {A3644263-C2E8-48C9-A3D5-26A742EE748D},{905A37FB-65CD-4BFB-AF17-592BF938A722}
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 00:20]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys [2008-07-05 19:41]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys [2008-07-05 19:41]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 00:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 00:18]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
S3 GameConsoleService;GameConsoleService;C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-24 00:33]
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-07-11 15:04:49
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\Windows\system32\winlogon.exe
-> C:\Windows\system32\guard32.dll
PROCESS: C:\Windows\system32\lsass.exe
-> C:\Windows\system32\guard32.dll
.
Completion time: 2008-07-11 15:06:35
ComboFix-quarantined-files.txt 2008-07-11 14:06:30
ComboFix2.txt 2008-07-11 10:44:50
The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 133,628,289,024 bytes free
215 --- E O F --- 2008-07-11 10:30:35
Installed programs list
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player ActiveX
Adobe Reader 8.1.0
Adobe Shockwave Player
AIM 6
AOL Toolbar 5.0
Ask Toolbar
Atheros Driver Installation Program
avast! Antivirus
BOClean
COMODO Firewall Pro
COMODO SafeSurf
Compatibility Pack for the 2007 Office system
Conexant HD Audio
CyberLink YouCam
DVD Suite
EA Link
ESU for Microsoft Vista
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.6
HP Easy Setup - Frontend
HP Help and Support
HP Quick Launch Buttons 6.30 D2
HP Total Care Advisor
HP Update
HP User Guides 0091
HP Wireless Assistant
Java(TM) 6 Update 2
Java(TM) 6 Update 5
LabelPrint
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.0)
MSCU for Microsoft Vista
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
muvee autoProducer 6.1
My HP Games
NetWaiting
NVIDIA Drivers
OpenMG Limited Patch 4.4-06-13-19-01
OpenMG Secure Module 4.4.00
Power2Go
PowerDirector
QuickPlay SlingPlayer 0.4.4
Security Update for Excel 2007 (KB946974)
Security Update for Microsoft Office system 2007 (KB951808)
Security Update for Microsoft Office Word 2007 (KB950113)
Security Update for Office 2007 (KB947801)
SonicStage 3.4
Spybot - Search & Destroy
SpywareBlaster 4.1
Synaptics Pointing Device Driver
The Sims™ Life Stories
Update for Office 2007 (KB946691)
Viewpoint Media Player
Windows Live installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Writer
VirusTotal log
File WinRAR.exe received on 07.11.2008 06:49:04 (CET)
Current status: finished
Result: 6/33 (18.18%)
Compact Print results
Antivirus Version Last Update Result
AhnLab-V3 2008.7.11.0 2008.07.10 -
AntiVir 7.8.0.64 2008.07.10 TR/Dldr.SetupFactory.F.1
Authentium 5.1.0.4 2008.07.10 -
Avast 4.8.1195.0 2008.07.11 -
AVG 7.5.0.516 2008.07.10 Downloader.Generic7.YHF
BitDefender 7.2 2008.07.11 -
CAT-QuickHeal 9.50 2008.07.10 -
ClamAV 0.93.1 2008.07.11 -
DrWeb 4.44.0.09170 2008.07.10 -
eSafe 7.0.17.0 2008.07.10 -
eTrust-Vet 31.6.5943 2008.07.10 -
Ewido 4.0 2008.07.10 -
F-Prot 4.4.4.56 2008.07.10 -
F-Secure 7.60.13501.0 2008.07.10 -
Fortinet 3.14.0.0 2008.07.11 -
GData 2.0.7306.1023 2008.07.11 Trojan-Downloader.Win32.SetupFactory.f
Ikarus T3.1.1.26.0 2008.07.11 Trojan-Downloader.Win32.SetupFactory.f
Kaspersky 7.0.0.125 2008.07.11 Trojan-Downloader.Win32.SetupFactory.f
McAfee 5336 2008.07.10 -
Microsoft 1.3704 2008.07.10 -
NOD32v2 3260 2008.07.10 -
Norman 5.80.02 2008.07.10 -
Panda 9.0.0.4 2008.07.10 -
Prevx1 V2 2008.07.11 -
Rising 20.52.40.00 2008.07.11 -
Sophos 4.31.0 2008.07.11 -
Sunbelt 3.1.1509.1 2008.07.04 -
Symantec 10 2008.07.11 -
TheHacker 6.2.96.376 2008.07.10 -
TrendMicro 8.700.0.1004 2008.07.11 -
VBA32 3.12.6.9 2008.07.11 -
VirusBuster 4.5.11.0 2008.07.10 -
Webwasher-Gateway 6.6.2 2008.07.10 Trojan.Dldr.SetupFactory.F.1
Additional information
File size: 3022457 bytes
MD5...: 914f37eb5165e57a6ff7a23fe63a1b82
SHA1..: aab961457df3976c65ef7ebf853c2fc2c337db6b
SHA256: 21084246821650052923403b162aba9662f8d7cfd040014f444feb61ec9f8729
SHA512: e14c87655db18dc8d8b6525bc7f431e34609627df36cc80793943e8efe3dc1a98ee7eb32b28ef7e0dc49e7cab894618ecfaa2ec181e96e32317299cc3718a66f
PEiD..: Armadillo v1.71
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x401df4
timedatestamp.....: 0x42234a06 (Mon Feb 28 16:42:46 2005)
machinetype.......: 0x14c (I386)
( 4 sections )
name    viradd  virsiz  rawdsiz  ntrpy  md5
.text   0x1000  0x48c6  0x5000   6.30   443840097d2552d49b87df1dba651fd8
.rdata  0x6000  0xd64   0x1000   4.72   f20baf212027ea5ab56157f03dc43cdf
.data   0x7000  0x32e0  0x3000   1.02   ddf15c060d963753bf1388931ca39597
.rsrc   0xb000  0x6930  0x7000   5.41   98c08218206a57e7b37406b364bba653
( 2 imports )
> KERNEL32.dll: lstrcmpiA, lstrcpyA, lstrlenA, _lclose, RemoveDirectoryA, DeleteFileA, GetModuleFileNameA, _lread, _llseek, _lopen, GetDiskFreeSpaceA, SetCurrentDirectoryA, CreateDirectoryA, GetFileAttributesA, lstrcatA, GetTempPathA, GetCurrentDirectoryA, _lwrite, _lcreat, CloseHandle, GetExitCodeProcess, CreateProcessA, ExitProcess, TerminateProcess, GetCurrentProcess, HeapFree, HeapAlloc, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, HeapReAlloc, RtlUnwind, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetCurrentThreadId, TlsSetValue, TlsAlloc, SetLastError, TlsGetValue, GetLastError, WriteFile, GetCPInfo, GetACP, GetOEMCP, GetProcAddress, LoadLibraryA, InterlockedDecrement, InterlockedIncrement, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW
> USER32.dll: MsgWaitForMultipleObjects, PeekMessageA, TranslateMessage, DispatchMessageA, wsprintfA, LoadCursorA, SetCursor, MessageBoxA
( 0 exports )
ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, July 11, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit (build 6000)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, July 11, 2008 13:13:58
Records in database: 941844
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Files scanned: 129440
Threat name: 4
Infected objects: 8
Suspicious objects: 0
Duration of the scan: 01:35:30
File name / Threat name / Threats count
C:\QooBox\Quarantine\C\Windows\System32\cBSlLEVn.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\Windows\System32\kHaXPiGa.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\QooBox\Quarantine\C\Windows\System32\mlJbARHW.dll.vir Infected: Trojan.Win32.Monderc.gen 1
C:\Users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DHT5K8HW\freecontent[1].htm Infected: Trojan-Downloader.JS.Agent.bsy 1
C:\Users\Martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\USF073RJ\adv609[1].htm Infected: Packed.JS.Agent.k 1
C:\Users\Martin\AppData\Local\Microsoft\Windows\WER\ReportArchive\Report07764f57\Report.cab Infected: Trojan.Win32.Monderc.gen 1
C:\Users\Martin\Desktop\[4]-Submit_2008-07-11@15.00.zip Infected: Trojan-Downloader.Win32.SetupFactory.f 1
C:\Users\Martin\rundll32.exe Infected: Trojan-Downloader.Win32.SetupFactory.f 1
The selected area was scanned.
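One thing the logs above are worth cross-checking by hand: the Find3M section lists C:\Users\Martin\rundll32.exe at 3,022,457 bytes with the --sh--w (system, hidden) attributes. That is the same size VirusTotal reports for the submitted sample (3022457 bytes), and the same file Kaspersky flags as Trojan-Downloader.Win32.SetupFactory.f. A genuine rundll32.exe lives under C:\Windows\System32, so a hidden, system-attributed copy in the user profile root is a classic triage signal even before any scanner names it. The Python script below is an added example, not part of the original post and not code from ComboFix, VirusTotal or Kaspersky. It parses Find3M lines and the REGEDIT4-style loading points copied from the log and flags (a) executables that borrow a Windows system-binary name but sit outside %SystemRoot%, (b) executables carrying both the hidden and system attributes, and (c) Security Center keys with DisableMonitoring set. The system-binary name list, the extension list and the %SystemRoot% prefix are assumptions chosen for illustration. Note that the DisableMonitoring values are also written legitimately by third-party security suites (the subkeys here are named after Symantec products), so (c) is a check to confirm, not a verdict.

```python
import re

# Matches one ComboFix "Find3M Report" line, e.g.
#   2008-07-05 13:30 3,022,457 --sh--w C:\Users\Martin\rundll32.exe
#   2008-07-11 13:45 --------- d-----w C:\Users\Martin\AppData\Roaming\HP
# The 7-character attribute field starts with 'd' for directories and
# carries 's' (system) and 'h' (hidden) when those attributes are set.
FIND3M_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>[\d,]+|-{9}) (?P<attrs>[A-Za-z-]{7}) (?P<path>.+)$"
)

# Assumed, illustrative list of Windows binaries whose names malware
# borrows; a copy outside %SystemRoot% deserves a second look.
SYSTEM_BINARY_NAMES = {
    "rundll32.exe", "svchost.exe", "lsass.exe", "csrss.exe",
    "winlogon.exe", "services.exe", "explorer.exe",
}
EXECUTABLE_EXTS = (".exe", ".dll", ".sys", ".cpl", ".scr", ".ocx")
SYSTEM_ROOT = "c:\\windows\\"  # assumption: default install location


def parse_find3m(line):
    """Return a dict for one Find3M line, or None if it is not one."""
    m = FIND3M_RE.match(line.strip())
    if not m:
        return None
    size, attrs = m.group("size"), m.group("attrs")
    return {
        "date": m.group("date"),
        "time": m.group("time"),
        "size": None if size.startswith("-") else int(size.replace(",", "")),
        "is_dir": attrs[0] == "d",
        "hidden": "h" in attrs,
        "system": "s" in attrs,
        "path": m.group("path"),
    }


def triage_find3m(lines):
    """Return [(path, reason)] for file entries worth a closer look."""
    findings = []
    for line in lines:
        entry = parse_find3m(line)
        if entry is None or entry["is_dir"]:
            continue
        path = entry["path"]
        lower = path.lower()
        name = lower.rsplit("\\", 1)[-1]
        if name in SYSTEM_BINARY_NAMES and not lower.startswith(SYSTEM_ROOT):
            findings.append((path, "system binary name outside %SystemRoot%"))
        if name.endswith(EXECUTABLE_EXTS) and entry["hidden"] and entry["system"]:
            findings.append((path, "hidden+system attributes on an executable"))
    return findings


def disabled_security_center_monitoring(lines):
    """Return Security Center registry keys where DisableMonitoring=1."""
    key, disabled = None, []
    for raw in lines:
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line == '"DisableMonitoring"=dword:00000001':
            if "security center" in key.lower():
                disabled.append(key)
    return disabled


# Sample lines copied from the ComboFix log above (not a live scan).
SAMPLE_FIND3M = r"""
2008-07-10 12:02 174 --sha-w C:\Program Files\desktop.ini
2008-07-05 18:41 85,008 ----a-w C:\Windows\system32\drivers\cmdguard.sys
2008-07-05 13:34 --------- d---a-w C:\ProgramData\TEMP
2008-07-05 13:30 3,022,457 --sh--w C:\Users\Martin\rundll32.exe
2008-07-04 17:30 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
""".strip().splitlines()

SAMPLE_REG = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-679001292-66422414-1588714111-1000]
"EnableNotificationsRef"=dword:00000001
""".strip().splitlines()

if __name__ == "__main__":
    for path, reason in triage_find3m(SAMPLE_FIND3M):
        print(f"{reason}: {path}")
    for key in disabled_security_center_monitoring(SAMPLE_REG):
        print(f"Security Center monitoring disabled under: {key}")
```

Run as-is, it reports C:\Users\Martin\rundll32.exe twice (once for each rule) and the two Monitoring keys. desktop.ini in Program Files also carries --sha-w but is not flagged because it is not an executable, and the Comodo and tcpip drivers under C:\Windows are left alone; the point of keying on name, location and attributes together is to keep the noise low enough that the one real outlier stands out.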