Please help me! I can't remove Trojan.Vundo from my PC!

#1 (permalink)
30-04-2009, 07:34 PM
jada21 (Junior Member)
Join Date: Apr 2008
Posts: 22

Hi,

I really need your help - I've managed to get the Trojan.Vundo virus on my computer. Every time I think I've deleted it, it keeps reappearing.

My computer keeps restarting on its own and strange error messages always appear. I'm really worried.

Please help!



Jxxx

PS Here is my Hijack list

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:33:36, on 30/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = myAOL | Compaq
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! Search Marketing UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! Search Marketing UK
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = myAOL | Compaq
O2 - BHO: (no name) - {0f77c8e5-9230-4631-b63e-a343cb858e06} - C:\WINDOWS\system32\mjpcdiez.dll
O2 - BHO: (no name) - {15aebf3b-abd5-4570-bf88-4e8f30997a10} - c:\windows\system32\fdwbplx.dll
O2 - BHO: (no name) - {b2ba40a2-74f0-42bd-f434-12345a2c8953} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [6362] C:\kggi.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - .DEFAULT Startup: ChkDisk.lnk = ? (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: Online skills testing, candidate testing and recruitment aptitude tests
O15 - Trusted Zone: Online skills testing, candidate testing and recruitment aptitude tests
O15 - Trusted Zone: Online skills testing, candidate testing and recruitment aptitude tests
O15 - Trusted Zone: Online skills testing, candidate testing and recruitment aptitude tests
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\dojapode.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: jdianbnv - C:\WINDOWS\SYSTEM32\fdwbplx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4882 bytes
#2 (permalink)
30-04-2009, 11:27 PM
Neal (Senior Member)
Join Date: Sep 2005
Posts: 5,524

Follow the instructions below for the following tool, called MBAM, but before running the tool I would like you to boot into safe mode to run it for maximum effectiveness, as explained below.


Now reboot into safe mode (without networking support) by tapping your F8 key upon restart; when the safe mode screen appears, select safe mode and press Enter.



* Please download Malwarebytes' Anti-Malware from HERE or HERE

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the entire report in your next reply along with a fresh HijackThis log.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
__________________
Stalking and killing Spyware

Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below



MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|




ASAP: promoting a high standard and quality of security support no matter where you seek help.

#3 (permalink)
01-05-2009, 08:15 PM
jada21 (Junior Member)
Join Date: Apr 2008
Posts: 22

Thank you for getting back to me!

MBAM Log 01.05.2009

Malwarebytes' Anti-Malware 1.36
Database version: 2064
Windows 5.1.2600 Service Pack 2

01/05/2009 20:08:10
mbam-log-2009-05-01 (20-08-01).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 142620
Time elapsed: 37 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\mjpcdiez.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0f77c8e5-9230-4631-b63e-a343cb858e06} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0f77c8e5-9230-4631-b63e-a343cb858e06} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0f77c8e5-9230-4631-b63e-a343cb858e06} (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b2ba40a2-74f0-42bd-f434-12345a2c8953} (Trojan.Ertfor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2ba40a2-74f0-42bd-f434-12345a2c8953} (Trojan.Ertfor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prnet (Trojan.Downloader) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> No action taken.

Folders Infected:
C:\Documents and Settings\Compaq_Owner\Application Data\pidle (Trojan.Agent) -> No action taken.
C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556 (Backdoor.Bot) -> No action taken.

Files Infected:
C:\WINDOWS\system32\mjpcdiez.dll (Trojan.Vundo.H) -> No action taken.
C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\Desktop.ini (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\win32hlp.cnf (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\nsrbgxod.bak (Trojan.Agent) -> No action taken.



Hijack This Log 01.05.2009

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:11:07, on 01/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = myAOL | Compaq
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! Search Marketing UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! Search Marketing UK
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = myAOL | Compaq
O2 - BHO: (no name) - {15aebf3b-abd5-4570-bf88-4e8f30997a10} - c:\windows\system32\fdwbplx.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [6362] C:\kggi.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - .DEFAULT Startup: ChkDisk.lnk = ? (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: Online skills testing, candidate testing and recruitment aptitude tests
O15 - Trusted Zone: Online skills testing, candidate testing and recruitment aptitude tests
O15 - Trusted Zone: Online skills testing, candidate testing and recruitment aptitude tests
O15 - Trusted Zone: Online skills testing, candidate testing and recruitment aptitude tests
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\dojapode.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: jdianbnv - C:\WINDOWS\SYSTEM32\fdwbplx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4311 bytes


Is there anything I missed out?
Thanxs again!

Jx
#4 (permalink)
02-05-2009, 11:50 PM
Neal (Senior Member)
Join Date: Sep 2005
Posts: 5,524

You need to run MBAM again, and this time you need to delete all it finds; you did nothing before but run the scan.

Then post the scan results and a new hijackthis log. Thanks.
#5 (permalink)
03-05-2009, 06:23 PM
jada21 (Junior Member)
Join Date: Apr 2008
Posts: 22

I'm slightly confused because when I did the first scan (before) I selected everything found and then clicked OK to delete it. A message came up saying that it could not delete everything that was selected and that I needed to restart (which I did).

I did another scan today and the same thing appeared - not all the viruses that were found could be deleted. It gave me an option to restart (which I did otherwise it stated removal would not be completed).

Here are the results:-

Mbam Log

Malwarebytes' Anti-Malware 1.36
Database version: 2064
Windows 5.1.2600 Service Pack 2

03/05/2009 18:17:22
mbam-log-2009-05-03 (18-17-22).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 143508
Time elapsed: 13 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\mjpcdiez.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0f77c8e5-9230-4631-b63e-a343cb858e06} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0f77c8e5-9230-4631-b63e-a343cb858e06} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\userinit.exe -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\mjpcdiez.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\lmppcsetup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.



HijackThis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:17:57, on 03/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = myAOL | Compaq
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! Search Marketing UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! Search Marketing UK
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = myAOL | Compaq
O2 - BHO: (no name) - {15aebf3b-abd5-4570-bf88-4e8f30997a10} - c:\windows\system32\fdwbplx.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [6362] C:\kggi.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - .DEFAULT Startup: ChkDisk.lnk = ? (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: Online skills testing, candidate testing and recruitment aptitude tests
O15 - Trusted Zone: Online skills testing, candidate testing and recruitment aptitude tests
O15 - Trusted Zone: Online skills testing, candidate testing and recruitment aptitude tests
O15 - Trusted Zone: Online skills testing, candidate testing and recruitment aptitude tests
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\dojapode.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: jdianbnv - C:\WINDOWS\SYSTEM32\fdwbplx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4669 bytes



Thanks again

J
x
#6 (permalink)
05-05-2009, 12:16 AM
Neal (Senior Member)
Join Date: Sep 2005
Posts: 5,524

Some died, some escaped, so let's break out the big guns:


Visit the page below to familiarize yourself with the tool, and download it from one of the links provided.

A guide and tutorial on using ComboFix




If you have previously downloaded ComboFix, please delete that version now.



It is IMPORTANT that it is saved directly to your desktop.

Close any open browsers.

Disconnect from the Internet.

Please do not re-connect your machine back to the Internet until Combofix has completely finished.

Disable your antivirus program and any realtime malware scanners and script blockers now.


How To Disable



Double click on combofix.exe and follow the prompts.

When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.

Note:
Do not mouseclick combofix's window while it's running.

That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.

Re-enable your anti-virus and re-connect back to the internet and post the combofix log.



*Note*
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.


ComboFix SHOULD NOT be used unless requested by a forum helper.
#7 (permalink)
07-05-2009, 06:59 PM
jada21 (Junior Member)
Join Date: Apr 2008
Posts: 22

Hiya

Here is my Combo Fix log:-

ComboFix 09-05-07.01 - Compaq_Owner 07/05/2009 18:49.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.511.253 [GMT 1:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Compaq_Owner\protect.dll
c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\ChkDisk.dll
c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\ChkDisk.lnk
c:\documents and settings\LocalService\protect.dll
c:\windows\system32\autochk.dll
c:\windows\system32\config\systemprofile\protect.dll
c:\windows\system32\drivers\eaeb240e.sys
c:\windows\system32\drivers\ovfsthrkuwyjygstseimwisjapvaisbefmnuib.sys
c:\windows\system32\ovfsthcupwdoaethebkkjceklnrylntnukoeem.dll
c:\windows\system32\ovfstherbqxlonxlvunuexbmfrqjhvribbgiqe.dat
c:\windows\system32\ovfsthfaotppljcxaljxnouspujiomrxjlcydq.dll
c:\windows\system32\ovfsthqljggaxxjufgvehblyrjijgkxdpyamkd.dat
c:\windows\system32\ovfsthtjqyfjyvblrnspryfxuiylskqsugfott.dll
c:\windows\system32\p2hhr.bat
c:\windows\system32\uniq.tll
c:\windows\system32\win32hlp.cnf
c:\windows\Tasks\At1.job
D:\Autorun.inf
c:\windows\system32\fdwbplx.dll . . . . failed to delete
c:\windows\system32\mjpcdiez.dll . . . . failed to delete

Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\system32\init32.exe


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthltohghntycaxjejqrpqvonmiccnkferd
-------\Legacy_mciobqyw
-------\Service_eaeb240e
-------\Service_mciobqyw


((((((((((((((((((((((((( Files Created from 2009-04-07 to 2009-05-07 )))))))))))))))))))))))))))))))
.

2009-05-07 17:29 . 2009-05-07 17:29 -------- d-----w c:\documents and settings\Compaq_Owner\Application Data\zatdzknq
2009-05-07 17:29 . 2009-05-07 17:29 -------- d-----w c:\documents and settings\Compaq_Owner\Local Settings\Application Data\zatdzknq
2009-05-07 17:18 . 2009-05-07 17:18 -------- d-----w c:\documents and settings\NetworkService\Application Data\zatdzknq
2009-05-07 17:18 . 2009-05-07 17:18 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\zatdzknq
2009-05-06 22:22 . 2009-05-07 17:29 27648 ----a-w c:\windows\system32\lmn_setup.exe
2009-05-01 17:43 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-01 17:43 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-29 22:46 . 2009-04-29 22:46 -------- d-----w c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2009-04-29 22:43 . 2009-04-29 22:43 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-29 22:43 . 2009-05-01 17:43 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-07 17:50 . 2004-08-04 12:00 143872 ----a-w c:\windows\system32\mjpcdiez.dll
2009-05-07 17:50 . 2004-08-04 12:00 104960 ----a-w c:\windows\system32\qemmpqy.dll
2009-03-06 14:44 . 2004-08-04 12:00 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-02 22:54 . 2004-08-04 12:00 28624 ----a-w c:\windows\system32\drivers\secdrv.sys
2009-03-02 22:54 . 2009-03-02 22:54 536 ----a-w c:\windows\eReg.dat
2009-02-22 21:18 . 2009-02-22 21:11 256 ----a-w c:\windows\system32\pool.bin
2009-02-20 08:30 . 2004-08-04 12:00 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-20 08:30 . 2004-08-04 12:00 659456 ----a-w c:\windows\system32\wininet.dll
2009-02-09 15:27 . 2009-02-09 15:27 61480 ----a-w c:\documents and settings\Compaq_Owner\GoToAssistDownloadHelper.exe
2009-02-09 15:27 . 2009-02-09 15:27 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-02-09 10:20 . 2004-08-04 12:00 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2004-08-04 11:00 723456 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2004-08-04 18:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:20 . 2004-08-04 12:00 616960 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:19 . 2004-08-04 12:00 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-07 02:27 . 2008-12-29 11:28 0 ----a-w c:\documents and settings\Family Computer\Local Settings\Application Data\prvlcl.dat
2008-09-21 20:31 . 2008-09-21 20:31 389203 ----a-w c:\program files\CE.dll
2008-09-21 20:31 . 2008-09-21 20:31 144656 ----a-w c:\program files\WebLink.dll
2008-09-21 20:31 . 2008-09-21 20:31 1103120 ----a-w c:\program files\Synchronize.dll
2008-08-08 21:14 . 2008-08-08 21:14 66371 ----a-w c:\program files\BlackBerry_Desktop_Software_Help.chm
2008-08-08 21:14 . 2008-08-08 21:14 5319 ----a-w c:\program files\readme.txt
2008-05-15 18:05 . 2008-05-15 18:05 59904 ----a-w c:\program files\zlib1.dll
2008-05-15 18:05 . 2008-05-15 18:05 172032 ----a-w c:\program files\mimepp_core.dll
2008-05-15 18:05 . 2008-05-15 18:05 4456 ----a-w c:\program files\configurationupgrade.xml
2008-05-15 18:05 . 2008-05-15 18:05 4300 ----a-w c:\program files\conn_install.cfg
2008-05-15 18:05 . 2008-05-15 18:05 2256896 ----a-w c:\program files\ilsync.dll
2008-05-15 18:05 . 2008-05-15 18:05 1483 ----a-w c:\program files\configurationupgrade.dtd
2008-05-15 18:05 . 2008-05-15 18:05 10424 ----a-w c:\program files\System.dtd
2008-05-15 18:05 . 2008-05-15 18:05 26694 ----a-r c:\program files\blackberry.ico
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0f77c8e5-9230-4631-b63e-a343cb858e06}]
2009-05-07 17:50 143872 ----a-w c:\windows\system32\mjpcdiez.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15aebf3b-abd5-4570-bf88-4e8f30997a10}]
2004-08-04 12:00 104960 ------w c:\windows\system32\fdwbplx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-26 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-01 17:27 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R0 wywjlmtq;wywjlmtq;c:\windows\system32\drivers\wywjlmtq.sys [04/08/2004 13:00 23424]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [03/10/2008 15:21 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [03/10/2008 15:21 107272]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [03/10/2008 15:21 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [03/10/2008 15:21 298264]
S2 Aniptjoiz;Aniptjoiz;c:\windows\System32\svchost.exe -k netsvcs [04/08/2004 13:00 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Aniptjoiz
.
Contents of the 'Scheduled Tasks' folder

2009-05-04 c:\windows\Tasks\At2.job
- c:\windows\system32\fdwbplx.dll [2004-08-04 12:00]
.
- - - - ORPHANS REMOVED - - - -

BHO-{c2ba40a1-74f3-42bd-f434-12345a2c8953} - c:\windows\system32\afnoinkdsfe.dll
HKLM-Run-6362 - C:\kggi.exe
HKU-Default-Run-autochk - c:\docume~1\LOCALS~1\protect.dll
SharedTaskScheduler-{C2BA40A1-74F3-42BD-F434-12345A2C8953} - c:\windows\system32\afnoinkdsfe.dll


.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q105&bd=presario&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q105&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q105&bd=presario&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: skills-arena.co.uk\www
Trusted Zone: skills-arena.com\www
Trusted Zone: skillsarena.co.uk\www
Trusted Zone: skillsarena.com\www
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\c6x4hwuf.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32asw.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-07 18:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3832)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-05-07 18:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-07 17:54

Pre-Run: 120,548,450,304 bytes free
Post-Run: 120,483,721,216 bytes free

192 --- E O F --- 2009-04-16 23:19

Thxs!
Jx
  #8 (permalink)  
Old 08-05-2009, 10:00 PM
Neal
Senior Member
 
Join Date: Sep 2005
Posts: 5,524
Neal is a D-A-L Rockstar!
Re: Please help me! I can't remove Trojan.Vundo from my PC!

Go here to learn how to show hidden files/folders:

Help Centre Home : www.telecom.co.nz/help

Re-hide after we are done



Open Notepad (must be Notepad) and copy/paste the text in the quote box below into it: NOT THE WORD QUOTE

Quote:
File::
c:\windows\system32\fdwbplx.dll
c:\windows\system32\mjpcdiez.dll
c:\windows\system32\lmn_setup.exe
c:\windows\system32\mjpcdiez.dll
c:\windows\system32\qemmpqy.dll
c:\windows\system32\mjpcdiez.dll
c:\windows\Tasks\At2.job

DirLook::
c:\documents and settings\Compaq_Owner\Local Settings\Application Data\zatdzknq

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0f77c8e5-9230-4631-b63e-a343cb858e06}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15aebf3b-abd5-4570-bf88-4e8f30997a10}]

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.






This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

Also:


Go to next site:
VirusTotal - Free Online Virus and Malware Scan
On top you'll find 'Browse'
Click the browse button and browse to next file:


c:\windows\system32\pool.bin


Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.


If that one is too busy, here is another option:


Online malware scan

And

Virus File Scanner

Please do the same for these:

c:\windows\system32\wininet.dll
c:\program files\zlib1.dll
Last edited by Neal; 08-05-2009 at 10:09 PM.
  #9 (permalink)  
Old 13-05-2009, 12:06 AM
Junior Member
D-A-L Newbie
 
Join Date: Apr 2008
Posts: 22
jada21 Is a beginner here at D-A-L
Re: Please help me! I can't remove Trojan.Vundo from my PC!

ComboFix Log

ComboFix 09-05-07.01 - Compaq_Owner 12/05/2009 23:40.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.511.293 [GMT 1:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)

FILE ::
c:\windows\system32\fdwbplx.dll
c:\windows\system32\lmn_setup.exe
c:\windows\system32\mjpcdiez.dll
c:\windows\system32\qemmpqy.dll
c:\windows\Tasks\At2.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\lmn_setup.exe
c:\windows\Tasks\At2.job
c:\windows\system32\fdwbplx.dll . . . . failed to delete
c:\windows\system32\mjpcdiez.dll . . . . failed to delete
c:\windows\system32\qemmpqy.dll . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2009-04-12 to 2009-05-12 )))))))))))))))))))))))))))))))
.

2009-05-07 17:29 . 2009-05-07 17:29 -------- d-----w c:\documents and settings\Compaq_Owner\Application Data\zatdzknq
2009-05-07 17:29 . 2009-05-07 17:29 -------- d-----w c:\documents and settings\Compaq_Owner\Local Settings\Application Data\zatdzknq
2009-05-07 17:18 . 2009-05-07 17:18 -------- d-----w c:\documents and settings\NetworkService\Application Data\zatdzknq
2009-05-07 17:18 . 2009-05-07 17:18 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\zatdzknq
2009-05-01 17:43 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-01 17:43 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-29 22:46 . 2009-04-29 22:46 -------- d-----w c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2009-04-29 22:43 . 2009-04-29 22:43 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-29 22:43 . 2009-05-01 17:43 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-11 11:26 . 2008-10-03 14:21 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-11 11:26 . 2008-10-03 14:21 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-11 11:26 . 2008-10-03 14:21 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-07 17:50 . 2004-08-04 12:00 143872 ----a-w c:\windows\system32\mjpcdiez.dll
2009-05-07 17:50 . 2004-08-04 12:00 104960 ----a-w c:\windows\system32\qemmpqy.dll
2009-03-06 14:44 . 2004-08-04 12:00 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-02 22:54 . 2004-08-04 12:00 28624 ----a-w c:\windows\system32\drivers\secdrv.sys
2009-03-02 22:54 . 2009-03-02 22:54 536 ----a-w c:\windows\eReg.dat
2009-02-22 21:18 . 2009-02-22 21:11 256 ----a-w c:\windows\system32\pool.bin
2009-02-20 08:30 . 2004-08-04 12:00 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-20 08:30 . 2004-08-04 12:00 659456 ----a-w c:\windows\system32\wininet.dll
2008-09-21 20:31 . 2008-09-21 20:31 389203 ----a-w c:\program files\CE.dll
2008-09-21 20:31 . 2008-09-21 20:31 144656 ----a-w c:\program files\WebLink.dll
2008-09-21 20:31 . 2008-09-21 20:31 1103120 ----a-w c:\program files\Synchronize.dll
2008-08-08 21:14 . 2008-08-08 21:14 66371 ----a-w c:\program files\BlackBerry_Desktop_Software_Help.chm
2008-08-08 21:14 . 2008-08-08 21:14 5319 ----a-w c:\program files\readme.txt
2008-05-15 18:05 . 2008-05-15 18:05 59904 ----a-w c:\program files\zlib1.dll
2008-05-15 18:05 . 2008-05-15 18:05 172032 ----a-w c:\program files\mimepp_core.dll
2008-05-15 18:05 . 2008-05-15 18:05 4456 ----a-w c:\program files\configurationupgrade.xml
2008-05-15 18:05 . 2008-05-15 18:05 4300 ----a-w c:\program files\conn_install.cfg
2008-05-15 18:05 . 2008-05-15 18:05 2256896 ----a-w c:\program files\ilsync.dll
2008-05-15 18:05 . 2008-05-15 18:05 1483 ----a-w c:\program files\configurationupgrade.dtd
2008-05-15 18:05 . 2008-05-15 18:05 10424 ----a-w c:\program files\System.dtd
2008-05-15 18:05 . 2008-05-15 18:05 26694 ----a-r c:\program files\blackberry.ico
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\documents and settings\Compaq_Owner\Local Settings\Application Data\zatdzknq ----

2009-05-07 17:29 . 2009-05-07 17:31 32768 ----a-w c:\documents and settings\Compaq_Owner\Local Settings\Application Data\zatdzknq\Profiles\dq7svbb2.default\urlclassifier3.sqlite
2009-05-07 17:29 . 2009-05-07 17:30 438116 ----a-w c:\documents and settings\Compaq_Owner\Local Settings\Application Data\zatdzknq\Profiles\dq7svbb2.default\XPC.mfl


((((((((((((((((((((((((((((( SnapShot@2009-05-07_17.53.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-12 22:43 . 2009-05-12 22:43 16384 c:\windows\Temp\Perflib_Perfdata_520.dat
+ 2008-10-03 14:21 . 2009-05-11 11:26 27784 c:\windows\system32\drivers\avgmfx86.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15aebf3b-abd5-4570-bf88-4e8f30997a10}]
2004-08-04 12:00 104960 ------w c:\windows\system32\fdwbplx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-26 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-02-24 5537792]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-11 11:26 11952 ----a-w c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R0 wywjlmtq;wywjlmtq;c:\windows\system32\drivers\wywjlmtq.sys [04/08/2004 13:00 23424]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [03/10/2008 15:21 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [03/10/2008 15:21 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [03/10/2008 15:21 908568]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [03/10/2008 15:21 298776]
S2 Aniptjoiz;Aniptjoiz;c:\windows\System32\svchost.exe -k netsvcs [04/08/2004 13:00 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Aniptjoiz
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q105&bd=presario&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=Q105&bd=presario&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=Q105&bd=presario&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: skills-arena.co.uk\www
Trusted Zone: skills-arena.com\www
Trusted Zone: skillsarena.co.uk\www
Trusted Zone: skillsarena.com\www
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\c6x4hwuf.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32asw.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-12 23:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\COMPAQ~1\LOCALS~1\Temp\Perflib_Perfdata_dcc.dat 16384 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1196)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-05-12 23:45 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-12 22:45
ComboFix2.txt 2009-05-07 17:54

Pre-Run: 120,348,966,912 bytes free
Post-Run: 120,343,752,704 bytes free

173 --- E O F --- 2009-04-16 23:19


HijackThis Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:50:07, on 12/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! Search Marketing UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! Search Marketing UK
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = myAOL | Compaq
O2 - BHO: (no name) - {15aebf3b-abd5-4570-bf88-4e8f30997a10} - c:\windows\system32\fdwbplx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: Online skills testing, candidate testing and recruitment aptitude tests
O15 - Trusted Zone: Online skills testing, candidate testing and recruitment aptitude tests
O15 - Trusted Zone: Online skills testing, candidate testing and recruitment aptitude tests
O15 - Trusted Zone: Online skills testing, candidate testing and recruitment aptitude tests
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4725 bytes



Pool.bin scan:-
File pool.bin received on 05.13.2009 00:54:10 (CET)
Result: 0/40 (0%)

Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.05.12 -
AhnLab-V3 5.0.0.2 2009.05.12 -
AntiVir 7.9.0.166 2009.05.12 -
Antiy-AVL 2.0.3.1 2009.05.12 -
Authentium 5.1.2.4 2009.05.12 -
Avast 4.8.1335.0 2009.05.12 -
AVG 8.5.0.327 2009.05.12 -
BitDefender 7.2 2009.05.13 -
CAT-QuickHeal 10.00 2009.05.12 -
ClamAV 0.94.1 2009.05.12 -
Comodo 1157 2009.05.08 -
DrWeb 5.0.0.12182 2009.05.13 -
eSafe 7.0.17.0 2009.05.12 -
eTrust-Vet 31.6.6502 2009.05.12 -
F-Prot 4.4.4.56 2009.05.12 -
F-Secure 8.0.14470.0 2009.05.13 -
Fortinet 3.117.0.0 2009.05.12 -
GData 19 2009.05.13 -
Ikarus T3.1.1.49.0 2009.05.12 -
K7AntiVirus 7.10.732 2009.05.11 -
Kaspersky 7.0.0.125 2009.05.12 -
McAfee 5613 2009.05.12 -
McAfee+Artemis 5613 2009.05.12 -
McAfee-GW-Edition 6.7.6 2009.05.12 -
Microsoft 1.4602 2009.05.12 -
NOD32 4068 2009.05.12 -
Norman 6.01.05 2009.05.12 -
nProtect 2009.1.8.0 2009.05.12 -
Panda 10.0.0.14 2009.05.12 -
PCTools 4.4.2.0 2009.05.07 -
Prevx 3.0 2009.05.13 -
Rising 21.29.14.00 2009.05.12 -
Sophos 4.41.0 2009.05.12 -
Sunbelt 3.2.1858.2 2009.05.12 -
Symantec 1.4.4.12 2009.05.13 -
TheHacker 6.3.4.1.325 2009.05.12 -
TrendMicro 8.950.0.1092 2009.05.12 -
VBA32 3.12.10.4 2009.05.12 -
ViRobot 2009.5.12.1731 2009.05.12 -
VirusBuster 4.6.5.0 2009.05.12 -
Additional information
File size: 256 bytes
MD5...: 9c4e72f87ba61b82f20947f7d83ecb2a
SHA1..: 8317400d0f7ddd514fc77e68581e6b3d2c93b73e
SHA256: 12cecb0c1833d38db3a4ce7cd72a8a0e4f0c4d122c5f0b52348bfb722b5dc088
SHA512: 98b0a27fdaf03b1b5859f7c5873fe172964bdfefa01bc51ff4370a067bf950a3
cccc369e037d8ae6d1fddd92b068f93df4f2282797f0b359adcdfa9464db0004
ssdeep: 6:Qf8diWtparweHnKTec4XeC1dUYAC1h47vgop+Tslinpz:QkgWQweHEecaeCDj+
IoWhnpz
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-


Wininet.dll scan:-

File wininet.dll received on 05.13.2009 00:58:52 (CET)
Result: 0/39 (0%)

Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.05.12 -
AhnLab-V3 5.0.0.2 2009.05.12 -
AntiVir 7.9.0.166 2009.05.12 -
Antiy-AVL 2.0.3.1 2009.05.12 -
Authentium 5.1.2.4 2009.05.12 -
Avast 4.8.1335.0 2009.05.12 -
AVG 8.5.0.327 2009.05.12 -
BitDefender 7.2 2009.05.13 -
CAT-QuickHeal 10.00 2009.05.12 -
ClamAV 0.94.1 2009.05.12 -
Comodo 1157 2009.05.08 -
DrWeb 5.0.0.12182 2009.05.13 -
eSafe 7.0.17.0 2009.05.12 -
eTrust-Vet 31.6.6502 2009.05.12 -
F-Prot 4.4.4.56 2009.05.12 -
F-Secure 8.0.14470.0 2009.05.13 -
Fortinet 3.117.0.0 2009.05.12 -
GData 19 2009.05.13 -
Ikarus T3.1.1.49.0 2009.05.12 -
K7AntiVirus 7.10.732 2009.05.11 -
Kaspersky 7.0.0.125 2009.05.12 -
McAfee 5613 2009.05.12 -
McAfee+Artemis 5613 2009.05.12 -
McAfee-GW-Edition 6.7.6 2009.05.12 -
Microsoft 1.4602 2009.05.12 -
NOD32 4068 2009.05.12 -
Norman 6.01.05 2009.05.12 -
nProtect 2009.1.8.0 2009.05.12 -
Panda 10.0.0.14 2009.05.12 -
PCTools 4.4.2.0 2009.05.07 -
Prevx 3.0 2009.05.13 -
Rising 21.29.14.00 2009.05.12 -
Sophos 4.41.0 2009.05.12 -
Sunbelt 3.2.1858.2 2009.05.12 -
Symantec 1.4.4.12 2009.05.13 -
TheHacker 6.3.4.1.325 2009.05.12 -
TrendMicro 8.950.0.1092 2009.05.12 -
VBA32 3.12.10.4 2009.05.12 -
ViRobot 2009.5.12.1731 2009.05.12 -
Additional information
File size: 659456 bytes
MD5...: f1dbf177aa0db2150e626595d0eff604
SHA1..: daab026c08844167fe2646e47c7247c5a4607087
SHA256: 9061aeb92f2dd0ec525897734c2ef384037ec704e43135be53661b6d5daa28fc
SHA512: db2e24b59dee50cb18efb0e4dae45d2846ba28a0c3a20f04a8aacfd23d8cc5cc
8310197b8e7d9fd372b1e69f0f192ee521fe9b43a0a846794b97c156e031b261
ssdeep: 12288:M8+xzz32XoFzTtWT5WCictpDFraeQI3fh1QkTgS/mIvP59TMHHUkevTx6b
:M8Ez3GoFzTUT58ctNVaeQI3fh2kTgS/N
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1551
timedatestamp.....: 0x499e6a1f (Fri Feb 20 08:30:23 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x87f80 0x88000 6.60 13cbbe0be435e78c04a38a33319aa786
.data 0x89000 0x5fd8 0x2200 2.35 12f4d378cef1956fc4482205e204f1fa
.rsrc 0x8f000 0x11828 0x11a00 4.76 072576a2bad68e7c2255c7949e64761d
.reloc 0xa1000 0x4fb8 0x5000 6.79 fbd851ca835fc049e55e3c62f04b010e

( 7 imports )

( 225 exports )
CommitUrlCacheEntryA, CommitUrlCacheEntryW, CreateMD5SSOHash, CreateUrlCacheContainerA, CreateUrlCacheContainerW, CreateUrlCacheEntryA, CreateUrlCacheEntryW, CreateUrlCacheGroup, DeleteIE3Cache, DeleteUrlCacheContainerA, DeleteUrlCacheContainerW, DeleteUrlCacheEntry, DeleteUrlCacheEntryA, DeleteUrlCacheEntryW, DeleteUrlCacheGroup, DetectAutoProxyUrl, DllInstall, FindCloseUrlCache, FindFirstUrlCacheContainerA, FindFirstUrlCacheContainerW, FindFirstUrlCacheEntryA, FindFirstUrlCacheEntryExA, FindFirstUrlCacheEntryExW, FindFirstUrlCacheEntryW, FindFirstUrlCacheGroup, FindNextUrlCacheContainerA, FindNextUrlCacheContainerW, FindNextUrlCacheEntryA, FindNextUrlCacheEntryExA, FindNextUrlCacheEntryExW, FindNextUrlCacheEntryW, FindNextUrlCacheGroup, ForceNexusLookup, ForceNexusLookupExW, FreeUrlCacheSpaceA, FreeUrlCacheSpaceW, FtpCommandA, FtpCommandW, FtpCreateDirectoryA, FtpCreateDirectoryW, FtpDeleteFileA, FtpDeleteFileW, FtpFindFirstFileA, FtpFindFirstFileW, FtpGetCurrentDirectoryA, FtpGetCurrentDirectoryW, FtpGetFileA, FtpGetFileEx, FtpGetFileSize, FtpGetFileW, FtpOpenFileA, FtpOpenFileW, FtpPutFileA, FtpPutFileEx, FtpPutFileW, FtpRemoveDirectoryA, FtpRemoveDirectoryW, FtpRenameFileA, FtpRenameFileW, FtpSetCurrentDirectoryA, FtpSetCurrentDirectoryW, GetUrlCacheConfigInfoA, GetUrlCacheConfigInfoW, GetUrlCacheEntryInfoA, GetUrlCacheEntryInfoExA, GetUrlCacheEntryInfoExW, GetUrlCacheEntryInfoW, GetUrlCacheGroupAttributeA, GetUrlCacheGroupAttributeW, GetUrlCacheHeaderData, GopherCreateLocatorA, GopherCreateLocatorW, GopherFindFirstFileA, GopherFindFirstFileW, GopherGetAttributeA, GopherGetAttributeW, GopherGetLocatorTypeA, GopherGetLocatorTypeW, GopherOpenFileA, GopherOpenFileW, HttpAddRequestHeadersA, HttpAddRequestHeadersW, HttpCheckDavCompliance, HttpEndRequestA, HttpEndRequestW, HttpOpenRequestA, HttpOpenRequestW, HttpQueryInfoA, HttpQueryInfoW, HttpSendRequestA, HttpSendRequestExA, HttpSendRequestExW, HttpSendRequestW, IncrementUrlCacheHeaderData, InternetAlgIdToStringA, 
InternetAlgIdToStringW, InternetAttemptConnect, InternetAutodial, InternetAutodialCallback, InternetAutodialHangup, InternetCanonicalizeUrlA, InternetCanonicalizeUrlW, InternetCheckConnectionA, InternetCheckConnectionW, InternetClearAllPerSiteCookieDecisions, InternetCloseHandle, InternetCombineUrlA, InternetCombineUrlW, InternetConfirmZoneCrossing, InternetConfirmZoneCrossingA, InternetConfirmZoneCrossingW, InternetConnectA, InternetConnectW, InternetCrackUrlA, InternetCrackUrlW, InternetCreateUrlA, InternetCreateUrlW, InternetDial, InternetDialA, InternetDialW, InternetEnumPerSiteCookieDecisionA, InternetEnumPerSiteCookieDecisionW, InternetErrorDlg, InternetFindNextFileA, InternetFindNextFileW, InternetFortezzaCommand, InternetGetCertByURL, InternetGetCertByURLA, InternetGetConnectedState, InternetGetConnectedStateEx, InternetGetConnectedStateExA, InternetGetConnectedStateExW, InternetGetCookieA, InternetGetCookieExA, InternetGetCookieExW, InternetGetCookieW, InternetGetLastResponseInfoA, InternetGetLastResponseInfoW, InternetGetPerSiteCookieDecisionA, InternetGetPerSiteCookieDecisionW, InternetGoOnline, InternetGoOnlineA, InternetGoOnlineW, InternetHangUp, InternetInitializeAutoProxyDll, InternetLockRequestFile, InternetOpenA, InternetOpenUrlA, InternetOpenUrlW, InternetOpenW, InternetQueryDataAvailable, InternetQueryFortezzaStatus, InternetQueryOptionA, InternetQueryOptionW, InternetReadFile, InternetReadFileExA, InternetReadFileExW, InternetSecurityProtocolToStringA, InternetSecurityProtocolToStringW, InternetSetCookieA, InternetSetCookieExA, InternetSetCookieExW, InternetSetCookieW, InternetSetDialState, InternetSetDialStateA, InternetSetDialStateW, InternetSetFilePointer, InternetSetOptionA, InternetSetOptionExA, InternetSetOptionExW, InternetSetOptionW, InternetSetPerSiteCookieDecisionA, InternetSetPerSiteCookieDecisionW, InternetSetStatusCallback, InternetSetStatusCallbackA, InternetSetStatusCallbackW, InternetShowSecurityInfoByURL, 
InternetShowSecurityInfoByURLA, InternetShowSecurityInfoByURLW, InternetTimeFromSystemTime, InternetTimeFromSystemTimeA, InternetTimeFromSystemTimeW, InternetTimeToSystemTime, InternetTimeToSystemTimeA, InternetTimeToSystemTimeW, InternetUnlockRequestFile, InternetWriteFile, InternetWriteFileExA, InternetWriteFileExW, IsHostInProxyBypassList, IsUrlCacheEntryExpiredA, IsUrlCacheEntryExpiredW, LoadUrlCacheContent, ParseX509EncodedCertificateForListBoxEntry, PrivacyGetZonePreferenceW, PrivacySetZonePreferenceW, ReadUrlCacheEntryStream, RegisterUrlCacheNotification, ResumeSuspendedDownload, RetrieveUrlCacheEntryFileA, RetrieveUrlCacheEntryFileW, RetrieveUrlCacheEntryStreamA, RetrieveUrlCacheEntryStreamW, RunOnceUrlCache, SetUrlCacheConfigInfoA, SetUrlCacheConfigInfoW, SetUrlCacheEntryGroup, SetUrlCacheEntryGroupA, SetUrlCacheEntryGroupW, SetUrlCacheEntryInfoA, SetUrlCacheEntryInfoW, SetUrlCacheGroupAttributeA, SetUrlCacheGroupAttributeW, SetUrlCacheHeaderData, ShowCertificate, ShowClientAuthCerts, ShowSecurityInfo, ShowX509EncodedCertificate, UnlockUrlCacheEntryFile, UnlockUrlCacheEntryFileA, UnlockUrlCacheEntryFileW, UnlockUrlCacheEntryStream, UpdateUrlCacheContentPath, UrlZonesDetach, _GetFileExtensionFromUrl
PDFiD.: -
RDS...: NSRL Reference Data Set


zlib1.dll scan:-

File zlib1.dll received on 05.13.2009 01:01:11 (CET)
Result: 0/40 (0%)
Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.05.12 -
AhnLab-V3 5.0.0.2 2009.05.12 -
AntiVir 7.9.0.166 2009.05.12 -
Antiy-AVL 2.0.3.1 2009.05.12 -
Authentium 5.1.2.4 2009.05.12 -
Avast 4.8.1335.0 2009.05.12 -
AVG 8.5.0.327 2009.05.12 -
BitDefender 7.2 2009.05.13 -
CAT-QuickHeal 10.00 2009.05.12 -
ClamAV 0.94.1 2009.05.12 -
Comodo 1157 2009.05.08 -
DrWeb 5.0.0.12182 2009.05.13 -
eSafe 7.0.17.0 2009.05.12 -
eTrust-Vet 31.6.6502 2009.05.12 -
F-Prot 4.4.4.56 2009.05.12 -
F-Secure 8.0.14470.0 2009.05.13 -
Fortinet 3.117.0.0 2009.05.12 -
GData 19 2009.05.13 -
Ikarus T3.1.1.49.0 2009.05.12 -
K7AntiVirus 7.10.732 2009.05.11 -
Kaspersky 7.0.0.125 2009.05.12 -
McAfee 5613 2009.05.12 -
McAfee+Artemis 5613 2009.05.12 -
McAfee-GW-Edition 6.7.6 2009.05.12 -
Microsoft 1.4602 2009.05.12 -
NOD32 4068 2009.05.12 -
Norman 6.01.05 2009.05.12 -
nProtect 2009.1.8.0 2009.05.12 -
Panda 10.0.0.14 2009.05.12 -
PCTools 4.4.2.0 2009.05.07 -
Prevx 3.0 2009.05.13 -
Rising 21.29.14.00 2009.05.12 -
Sophos 4.41.0 2009.05.12 -
Sunbelt 3.2.1858.2 2009.05.12 -
Symantec 1.4.4.12 2009.05.13 -
TheHacker 6.3.4.1.325 2009.05.12 -
TrendMicro 8.950.0.1092 2009.05.12 -
VBA32 3.12.10.4 2009.05.12 -
ViRobot 2009.5.12.1731 2009.05.12 -
VirusBuster 4.6.5.0 2009.05.12 -
Additional information
File size: 59904 bytes
MD5...: 80e41408f6d641dc1c0f5353a0cc8125
SHA1..: 6d957ba632df5b06d49a901f2772df4301610a2a
SHA256: b09537250201236472ccd3caff5c0c12a5fad262e1e951350e9e5ed2a81d9dde
SHA512: 857d4dc087c73f00d79bf70edfc67ddc0b15a86a4fff366d91e5ef6684af43eed7dcf8579f6b4fb35dedd090973e2bde1a82aae07642136b608eeb1d567e5c03
ssdeep: 1536:b/jUwfZ7BURaHUry7nToIfYIOlIO+CM6:1x7BURaHUrgTBfev+CM6
PEiD..: Armadillo v1.xx - v2.xx
TrID..: File type identification
Win32 Dynamic Link Library (generic) (65.4%)
Generic Win/DOS Executable (17.2%)
DOS Executable Generic (17.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xa146
timedatestamp.....: 0x42de1dda (Wed Jul 20 09:48:10 2005)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x923f 0x9400 6.56 c758d703412b079681936e5c60c5080b
.rdata 0xb000 0x464d 0x4800 6.62 3152b1002f44bfacb6198a3316775909
.data 0x10000 0x74 0x200 0.47 de7a3eab5a56e099b2791c1ecfb9c39b
.rsrc 0x11000 0x398 0x400 3.07 b932cf50c0e8cbb81b132fbe559b343d
.reloc 0x12000 0x368 0x400 4.66 f7c1ccbc1b3eeb94d081424363cc02f4

( 2 imports )
> MSVCRT.dll: free, malloc, strerror, fflush, _errno, fopen, fread, fprintf, _vsnprintf, sprintf, ftell, fseek, fclose, clearerr, _fdopen, _initterm, _adjust_fdiv, fwrite, fputc
> KERNEL32.dll: DisableThreadLibraryCalls

( 51 exports )
adler32, compress, compress2, compressBound, crc32, deflate, deflateBound, deflateCopy, deflateEnd, deflateInit2_, deflateInit_, deflateParams, deflatePrime, deflateReset, deflateSetDictionary, get_crc_table, gzclearerr, gzclose, gzdopen, gzeof, gzerror, gzflush, gzgetc, gzgets, gzopen, gzprintf, gzputc, gzputs, gzread, gzrewind, gzseek, gzsetparams, gztell, gzungetc, gzwrite, inflate, inflateBack, inflateBackEnd, inflateBackInit_, inflateCopy, inflateEnd, inflateInit2_, inflateInit_, inflateReset, inflateSetDictionary, inflateSync, inflateSyncPoint, uncompress, zError, zlibCompileFlags, zlibVersion
PDFiD.: -
RDS...: NSRL Reference Data Set


Thxs!
Jx
  #10 (permalink)  
Old 15-05-2009, 12:01 AM
Neal
Senior Member
Join Date: Sep 2005
Posts: 5,524
Re: Please help me! I can't remove Trojan.Vundo from my PC!

Some tough ones there, let's give this scanner a try to finish off the bad guys.



Please download and install SUPERAntiSpyware Trial Edition from SUPERAntiSpyware.com.

* Load SUPERAntiSpyware and click the Check for Updates button.
* Once the update has finished, exit SUPERAntiSpyware. Please do NOT run a scan yet!


IMPORTANT: Do NOT open any other windows or programs while SUPERAntiSpyware is scanning; it may interfere with the scanning process.

* Open SUPERAntiSpyware and click the Scan your Computer button.
* Check Perform Complete Scan and then click Next.
* SUPERAntiSpyware will now scan your computer and when it’s finished it will list all the infections it has found.
* Make sure that they all have a check next to them, and then click Next.
* Click Finish and you will be taken back to the main interface.
* It could be possible that it will ask you to reboot your computer in order to delete some files after reboot.
* I'll need a log afterwards of what has been found.
* To get the log, click Preferences and then click the Statistics/Logs tab. Click the dated log and press View Log and a text file will appear.
* Please post the results of the SUPERAntiSpyware log in your next reply.
__________________
Stalking and killing Spyware

All times are GMT +1.