HELP WINSPYWAREPROTECT

[Google]

I scanned again with malwarebytes malware thing and this is what I got:

Code: [Select]

Malwarebytes' Anti-Malware 1.23
Database version: 1002
Windows 5.1.2600 Service Pack 2

11:51:10 AM 30/07/2008
mbam-log-7-30-2008 (11-51-10).txt

Scan type: Quick Scan
Objects scanned: 40744
Time elapsed: 6 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


[Google]

That was the quick scan. I am now startign a complete scan. Will post log in a bit...........

[Google]

Also, antivir keeps popping up saying I have trojans and stuff, so I move to quarantine. But Idk why it keeps popping up......

[evilfantasy]

Post a fresh HJT log.

[Google]

Alright, I've attatched a fresh HJT log and an events log from antivir.

[recovering disk space -- attachment deleted by admin]

[evilfantasy]

The events log looks like this

Code: [Select]

Exported events:
਍ഀഀ
30/07/2008 12:50 [Guard] Malware found
਍      嘀椀爀甀猀 漀爀 甀渀眀愀渀琀攀搀 瀀爀漀最爀愀洀 ✀吀刀⼀䈀䠀伀⸀昀戀礀⸀㌀ 嬀琀爀漀樀愀渀崀✀ഀഀ
      detected in file 'C:\System Volume
਍      䤀渀昀漀爀洀愀琀椀漀渀尀开爀攀猀琀漀爀攀笀䈀䐀㌀㠀㜀䐀㈀䌀ⴀ䘀䈀䈀㠀ⴀ㐀㌀㄀䄀ⴀ䄀㌀㄀䐀ⴀ　䌀䔀䔀㔀㜀㌀㜀㤀䔀㤀㄀紀尀刀倀㐀　尀䄀　　㄀㔀㈀　㜀⸀攀砀攀⸀ഀഀ
      Action performed: Move file to quarantine
਍ഀഀ
30/07/2008 12:49 [Guard] Malware found
਍      嘀椀爀甀猀 漀爀 甀渀眀愀渀琀攀搀 瀀爀漀最爀愀洀 ✀吀刀⼀䈀䠀伀⸀昀戀礀⸀㌀ 嬀琀爀漀樀愀渀崀✀ഀഀ
      detected in file 'C:\System Volume
਍      䤀渀昀漀爀洀愀琀椀漀渀尀开爀攀猀琀漀爀攀笀䈀䐀㌀㠀㜀䐀㈀䌀ⴀ䘀䈀䈀㠀ⴀ㐀㌀㄀䄀ⴀ䄀㌀㄀䐀ⴀ　䌀䔀䔀㔀㜀㌀㜀㤀䔀㤀㄀紀尀䘀椀昀漀攀搀尀䄀　　㄀㐀㔀　　⸀搀氀氀⸀ഀഀ
      Action performed: Move file to quarantine
਍ഀഀ
30/07/2008 12:49 [Guard] Malware found
਍      嘀椀爀甀猀 漀爀 甀渀眀愀渀琀攀搀 瀀爀漀最爀愀洀 ✀吀刀⼀䈀䠀伀⸀昀戀礀⸀㌀ 嬀琀爀漀樀愀渀崀✀ഀഀ
      detected in file 'C:\System Volume
਍      䤀渀昀漀爀洀愀琀椀漀渀尀开爀攀猀琀漀爀攀笀䈀䐀㌀㠀㜀䐀㈀䌀ⴀ䘀䈀䈀㠀ⴀ㐀㌀㄀䄀ⴀ䄀㌀㄀䐀ⴀ　䌀䔀䔀㔀㜀㌀㜀㤀䔀㤀㄀紀尀䘀椀昀漀攀搀尀䄀　　㄀㐀㐀㤀㤀⸀搀氀氀⸀ഀഀ
      Action performed: Move file to quarantine
਍ഀഀ
30/07/2008 12:49 [Guard] Malware found
਍      嘀椀爀甀猀 漀爀 甀渀眀愀渀琀攀搀 瀀爀漀最爀愀洀 ✀吀刀⼀䄀最攀渀琀⸀㈀㐀㠀㠀㌀㈀　 嬀琀爀漀樀愀渀崀✀ഀഀ
      detected in file 'C:\System V

[Google]

Thats wierd?!?!? Well, here's waht it looks like to me...

Code: [Select]

Exported events:

30/07/2008 12:50 [Guard] Malware found
      Virus or unwanted program 'TR/BHO.fby.3 [trojan]'
      detected in file 'C:\System Volume
      Information\_restore{BD387D2C-FBB8-431A-A31D-0CEE57379E91}\RP40\A0015207.exe.
      Action performed: Move file to quarantine

30/07/2008 12:49 [Guard] Malware found
      Virus or unwanted program 'TR/BHO.fby.3 [trojan]'
      detected in file 'C:\System Volume
      Information\_restore{BD387D2C-FBB8-431A-A31D-0CEE57379E91}\Fifoed\A0014500.dll.
      Action performed: Move file to quarantine

30/07/2008 12:49 [Guard] Malware found
      Virus or unwanted program 'TR/BHO.fby.3 [trojan]'
      detected in file 'C:\System Volume
      Information\_restore{BD387D2C-FBB8-431A-A31D-0CEE57379E91}\Fifoed\A0014499.dll.
      Action performed: Move file to quarantine

30/07/2008 12:49 [Guard] Malware found
      Virus or unwanted program 'TR/Agent.2488320 [trojan]'
      detected in file 'C:\System Volume
      Information\_restore{BD387D2C-FBB8-431A-A31D-0CEE57379E91}\Fifoed\A0014497.EXE.
      Action performed: Move file to quarantine

30/07/2008 12:21 [Guard] Malware found
      Virus or unwanted program 'TR/Agent.2488320 [trojan]'
      detected in file 'C:\Documents and Settings\User\My Documents\CE\VE5
      1032\VE5_Alter_1032.EXE.
      Action performed: Move file to quarantine

30/07/2008 12:20 [Guard] Malware found
      Virus or unwanted program 'TR/Dldr.16384.D [trojan]'
      detected in file 'C:\Documents and Settings\User\My Documents\CE\VE5
      1032\systemcallsignal.exe.
      Action performed: Move file to quarantine

30/07/2008 10:45 [Guard] Malware found
      Virus or unwanted program 'EXP/CVE-2006-4534 [exploit]'
      detected in file 'C:\Documents and Settings\User\My Documents\~WRD2525.tmp.
      Action performed: Move file to quarantine

30/07/2008 10:18 [Guard] Malware found
      Virus or unwanted program 'TR/Hook.Q [trojan]'
      detected in file 'C:\Documents and Settings\User\My Documents\DxWND\dxwnd.dll.
      Action performed: Move file to quarantine

30/07/2008 10:03 [Guard] Malware found
      Virus or unwanted program 'TR/Dldr.SecondTh.HA [trojan]'
      detected in file 'E:\WINDOWS\system32\lwr_bbi6008.exe.
      Action performed: Move file to quarantine

30/07/2008 9:31 [Guard] Malware found
      Virus or unwanted program 'TR/Hook.Q [trojan]'
      detected in file 'H:\Program Files\Maplestory\dxwnd.dll.
      Action performed: Move file to quarantine

30/07/2008 9:31 [Guard] Malware found
      Virus or unwanted program 'TR/Agent.5599232.Y [trojan]'
      detected in file 'H:\Program Files\Maplestory\dagonMS-2.exe.
      Action performed: Move file to quarantine

30/07/2008 9:29 [Guard] Malware found
      Virus or unwanted program 'TR/BHO.fby.3 [trojan]'
      detected in file 'H:\System Volume
      Information\_restore{BD387D2C-FBB8-431A-A31D-0CEE57379E91}\RP40\A0015356.exe.
      Action performed: Move file to quarantine

30/07/2008 9:28 [Guard] Malware found
      Virus or unwanted program 'TR/Mapler.AW [trojan]'
      detected in file 'H:\System Volume
      Information\_restore{BD387D2C-FBB8-431A-A31D-0CEE57379E91}\RP17\A0001526.exe.
      Action performed: Move file to quarantine

30/07/2008 9:28 [Guard] Malware found
      Virus or unwanted program 'DR/PSW.Mapler.AK.4 [dropper]'
      detected in file 'H:\System Volume
      Information\_restore{BD387D2C-FBB8-431A-A31D-0CEE57379E91}\RP17\A0001522.exe.
      Action performed: Move file to quarantine

30/07/2008 9:27 [Guard] Malware found
      Virus or unwanted program 'TR/BHO.fby.3 [trojan]'
      detected in file 'H:\Downloads\c-setup.exe.
      Action performed: Move file to quarantine

30/07/2008 9:25 [Guard] Malware found
      Virus or unwanted program 'TR/BHO.fby.3 [trojan]'
      detected in file
      'C:\RECYCLER\S-1-5-21-1445563323-3637782785-1872043566-1004\Dc38.exe.
      Action performed: Move file to quarantine

30/07/2008 9:25 [Guard] Malware found
      Virus or unwanted program 'TR/Dldr.16384.D [trojan]'
      detected in file 'C:\System Volume
      Information\_restore{BD387D2C-FBB8-431A-A31D-0CEE57379E91}\Fifoed\A0014495.exe.
      Action performed: Move file to quarantine

30/07/2008 8:28 [Guard] Service started
      Service started.
      Version of service: 8.0.1.26
      Version of Engine: 8.1.1.12
      Version of VDF: 7.0.5.193

30/07/2008 8:27 [Scheduler] Service started
      The service was started.
       Version of service 8.0.0.16

30/07/2008 8:26 [Guard] Service stopped
      Service stopped.

30/07/2008 8:25 [Scheduler] Service stopped
      The service was stopped.

30/07/2008 8:13 [Scanner] Scan
      Scan ended [The scan has been done completely.].
      Number of files: 5193
      Number of folders: 225
      Number of malware: 2
      Number of errors: 0

30/07/2008 8:09 [Scanner] Malware found
      The file 'C:\WINDOWS\system32\hombho.dll'
      contained a virus or unwanted program 'TR/BHO.fby.3' [trojan]
      Action(s) taken:
      The file was moved to '48fd84a2.qua'!

30/07/2008 8:09 [Scanner] Malware found
      The file 'C:\WINDOWS\system32\domie.dll'
      contained a virus or unwanted program 'TR/BHO.fby.3' [trojan]
      Action(s) taken:
      The file was moved to '48fd8497.qua'!

30/07/2008 8:03 [Updater] Update successfully completed
      Update of Avira AntiVir Personal - Free Antivirus performed via server
      http://dl9.freeav.net.
      The update was completed successfully on 7/30/2008 8:03.

30/07/2008 8:03 [Guard] Reload engine.
      The Engine was reloaded.
      Engine Version: 8.01.01.12
      VDF Version: 7.00.05.193

30/07/2008 8:01 [Scheduler] Job started
      The job "Immediate Update"
      was started successfully.

30/07/2008 8:01 [Guard] Service started
      Service started.
      Version of service: 8.0.1.26
      Version of Engine: 8.1.1.6
      Version of VDF: 7.0.5.23

30/07/2008 8:01 [Scheduler] Service started
      The service was started.
       Version of service 8.0.0.16


[evilfantasy]

Everything was moved to quarantine right?

If so then everything is OK.

[Google]

Yes, it supposedly was, so should I just keep quarantining if they pop up again?? BTW, Thank you so much for all your help. I'll just complete mbam scan, thenpost log. All I have to do after hthat is defrag my external hard drive, then create my final restore point. Any final things I should do?

[evilfantasy]

Sounds like you have everything covered. Just be careful online and watch what you download.

[Google]

Ok, thanks

[Google]

Alright, heres the mbam log looks alright to me:

Code: [Select]

Malwarebytes' Anti-Malware 1.23
Database version: 1002
Windows 5.1.2600 Service Pack 2

3:13:02 PM 30/07/2008
mbam-log-7-30-2008 (15-13-02).txt

Scan type: Full Scan (C:\|E:\|F:\|H:\|)
Objects scanned: 205633
Time elapsed: 2 hour(s), 32 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\User\Application Data\Desktopicon\eBayShortcuts.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{BD387D2C-FBB8-431A-A31D-0CEE57379E91}\RP40\A0015207.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
H:\Downloads\psp_video_express.exe (Adware.Agent) -> Quarantined and deleted successfully.


[evilfantasy]

Now that you have a good antivirus in place that is up to date you should be in good shape.

[Google]

Alright, thanks for all you help-you helped me a thousand times more than the guy who I payed 180 dollars to fix my computer last time!!

-Thanks a million!

[evilfantasy]

No problem.