Hello, my friend got the W32.Myzor.FK@yf worm and I've been trying to help him get rid of it for two days now. He has tried SmitfraudFix.exe or whatever it's called. He's also tried Spybot, Ad-Aware and McAfee with no success. So here is his HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:16:49 AM, on 2/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\iolo\System Mechanic 6\SystemGuardAlerter.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe
C:\Program Files\iolo\System Mechanic 6\PopupBlocker.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by iPrimus
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.iprimus.com.au:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.iprimus.co;*.pri;<local>;*.local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SystemGuardAlerter] "C:\Program Files\iolo\System Mechanic 6\SystemGuardAlerter.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\iolo\System Mechanic 6\delay.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Microsoft Servicer] servicer.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\WAV\wav.exe
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [System Mechanic Popup Blocker] "C:\Program Files\iolo\System Mechanic 6\PopupBlocker.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\WAV\wav.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &Search - ?p=ZJ
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.iprimus.com.au
O16 - DPF: RaptisoftGameLoader - http://miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1CDFA4E8-3396-439D-8C9D-AD0E32DE94B6} (CPlayFirsttastyplanetControl Object) - http://games.bigfishgames.com/en_tastyplanet/online/tastyplanet.1.0.0.4.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/games/ricochet-lost-worlds/en/ReflexiveWebGameLoader.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120089653000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149256300671
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.bigfishgames.com/online/luxor2/mjolauncher.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.bigfishgames.com/online/tumblebugs/axhost.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.bigfishgames.com/online/bejeweled2/popcaploader_v6.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OneStep Search Service - Unknown owner - C:\Program Files\OneStepSearch\onestep.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

-- End of file - 13190 bytes

Thank you. Hope you guys can help him.

Hi JabJab. I have spotted several pieces of malware according to the HijackThis log, which merely fixing with HijackThis will not do. Please download A-squared Free, and then scan the computer with it in safe mode. Also, try your McAfee and Spybot scans again in safe mode. Best Regards. PS: Have you read here? http://forums.afterdawn.com/thread_view.cfm/370698 Please do remember to run SmitFraudFix in safe mode, not normal mode.

OK, cheers mate. Also, when it said "please download this program to get rid of all this" (a hoax; it offered Windows Anti-virus 2008), he pressed Run instead of Download, so now he can't find the file :S Cheers again

Hey, he's done it all and it still comes up. This is the new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:51:48 PM, on 3/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Documents and Settings\Compaq_Owner\My Documents\ADAMS STUFF\Document Backups\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\iolo\System Mechanic 6\SystemGuardAlerter.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe
C:\Program Files\iolo\System Mechanic 6\PopupBlocker.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by iPrimus
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.iprimus.com.au:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.iprimus.co;*.pri;<local>;*.local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SystemGuardAlerter] "C:\Program Files\iolo\System Mechanic 6\SystemGuardAlerter.exe"
O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\iolo\System Mechanic 6\delay.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Microsoft Servicer] servicer.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\WAV\wav.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [System Mechanic Popup Blocker] "C:\Program Files\iolo\System Mechanic 6\PopupBlocker.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &Search - ?p=ZJ
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.iprimus.com.au
O16 - DPF: RaptisoftGameLoader - http://miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1CDFA4E8-3396-439D-8C9D-AD0E32DE94B6} (CPlayFirsttastyplanetControl Object) - http://games.bigfishgames.com/en_tastyplanet/online/tastyplanet.1.0.0.4.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) -
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/games/ricochet-lost-worlds/en/ReflexiveWebGameLoader.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120089653000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149256300671
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.bigfishgames.com/online/luxor2/mjolauncher.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.bigfishgames.com/online/tumblebugs/axhost.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.bigfishgames.com/online/bejeweled2/popcaploader_v6.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Documents and Settings\Compaq_Owner\My Documents\ADAMS STUFF\Document Backups\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic 6\IoloSGCtrl.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OneStep Search Service - Unknown owner - C:\Program Files\OneStepSearch\onestep.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

-- End of file - 13294 bytes

Thank you again, Max

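Comparing the two HijackThis logs posted so far shows what the scans run between them actually changed, and which entries still deserve a manual look. The following Python is an added example, not part of the thread: the excerpts are a few lines copied from the two logs, and the review rules (target file absent, autostart command with no directory path) are generic triage heuristics assumed here, not findings stated by anyone in the thread.

```python
import re

# Excerpts: a few lines copied from the first and second logs in the thread.
LOG_BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - (no file)
O4 - HKLM\..\Run: [Microsoft Servicer] servicer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\WAV\wav.exe
O4 - HKCU\..\Run: [Antivirus] C:\Program Files\WAV\wav.exe
O23 - Service: OneStep Search Service - Unknown owner - C:\Program Files\OneStepSearch\onestep.exe (file missing)
-- End of file - 13190 bytes
"""

LOG_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Compaq_Owner\My Documents\ADAMS STUFF\Document Backups\a-squared Free\a2service.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Microsoft Servicer] servicer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\WAV\wav.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Documents and Settings\Compaq_Owner\My Documents\ADAMS STUFF\Document Backups\a-squared Free\a2service.exe
O23 - Service: OneStep Search Service - Unknown owner - C:\Program Files\OneStepSearch\onestep.exe (file missing)
-- End of file - 13294 bytes
"""

# Every registry/autostart entry starts with a section code (R0, O2, O23, ...).
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O4 Run entries look like: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"\\Run: \[([^\]]*)\] (.+)$")


def parse_hjt(text):
    """Return (processes, entries): lower-cased process paths and
    (section, body) tuples for the R*/O* lines of one log."""
    processes, entries = set(), set()
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.add((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif line.startswith("--"):          # "-- End of file - N bytes"
            in_procs = False
        elif in_procs:
            processes.add(line.lower())      # Windows paths are case-insensitive
    return processes, entries


def diff_logs(before, after):
    """What appeared and disappeared between two scans of the same machine."""
    pb, eb = parse_hjt(before)
    pa, ea = parse_hjt(after)
    return {
        "processes_added": sorted(pa - pb),
        "processes_removed": sorted(pb - pa),
        "entries_added": sorted(ea - eb),
        "entries_removed": sorted(eb - ea),
    }


def review_candidates(entries):
    """Entries to check by hand. Heuristics only, not verdicts."""
    flagged = []
    for section, body in sorted(entries):
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            flagged.append((section, body, "target file is absent"))
            continue
        m = RUN_RE.search(body) if section == "O4" else None
        if m and "\\" not in m.group(2):
            flagged.append((section, body, "autostart command has no directory path"))
    return flagged


if __name__ == "__main__":
    for key, items in diff_logs(LOG_BEFORE, LOG_AFTER).items():
        for item in items:
            print(key, "->", item)
    for section, body, reason in review_candidates(parse_hjt(LOG_AFTER)[1]):
        print("review:", section, body, "|", reason)
```
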
Hi jabjab. Now I suspect a completely new Zlob variant, different from Smitfraud, due to the many symptoms your friend is having. Have you scanned with A-squared? Please post the log here and do not remove anything unnecessary. We might also need another tool. Please download Malwarebytes Anti-malware and remove anything it may find. Best Regards
Hi JabJab. Perhaps I didn't quite make my point clear enough. I meant an a-squared scan log, not a hijackthis scan log. Also download Malwarebytes Anti-malware and run it. Best Regards
Signatures\20071115.sigdò—46C77EC64501B21E8D783BE9A823017F327234 Signatures: 212085 Trojans, 39591 Dialers, 66333 Worms and 9224 Spywares < q ä Z w • < W ; M1 Signatures\20080516.trc #526030E059D9B05D6164E5B86B70C186142 Spyware Traces � ; M� Signatures\20080516.sigW 451EF8DABC17CF85BC93F7657CCD19B1949 Signatures: 862 Trojans, 7 Dialers, 39 Worms and 41 Spywares W ; M1 Signatures\20080515.trc ×685FB35A29DD2DFAAA6ABC7CF568CF83236 Spyware Traces � ; M� Signatures\20080515.sigb)CD10D1F4634EFBCE27BF59BD8B8445B21078 Signatures: 975 Trojans, 6 Dialers, 45 Worms and 52 Spywares W ; M1 Signatures\20080514.trc ‹B5029BC5C85246563107EB229F66E3FC148 Spyware Traces � ; M� Signatures\20080514.sig]^C1612B8F02561F02EFF064B0F1BD92281017 Signatures: 939 Trojans, 9 Dialers, 35 Worms and 34 Spywares � ; M� Signatures\20080513.sig Ò1A5E98C588DA29E6B7B819E8A0CC6D24C2420 Signatures: 2228 Trojans, 8 Dialers, 125 Worms and 59 Spywares � ; M� Signatures\20080512.sig D FCCBCB20FC0C80BE87DD43DB805E443A3865 Signatures: 3570 Trojans, 16 Dialers, 131 Worms and 148 Spywares e q � 4 ¦ M ¾ e W ; M1 Signatures\20080522.trc „DDC561C2B9EB4BF94859D2C5EB77CFFC130 Spyware Traces � ; M� Signatures\20080522.sig è½E78C013BD4E31D52A7CE699EEDE549782650 Signatures: 2400 Trojans, 16 Dialers, 124 Worms and 110 Spywares W ; M1 Signatures\20080521.trc ÃACCE49C23292247FF5D531A18F7DAD67338 Spyware Traces � ; M� Signatures\20080521.sig ìÀAD4B385BEA9B017183496B1A331D01342682 Signatures: 2439 Trojans, 15 Dialers, 130 Worms and 98 Spywares W ; M1 Signatures\20080520.trc í329A5C187FECDD9E29BD254046333CB4160 Spyware Traces � ; M� Signatures\20080520.sighÍD11517869944F43CA1FA4050DFAC653C1164 Signatures: 1050 Trojans, 7 Dialers, 54 Worms and 53 Spywares W ; M1 Signatures\20080519.trc ð5FD45F623D7851AA7DE3F982C583829A302 Spyware Traces � ; M� Signatures\20080519.sig ) BD0325543097948042C91C1EFCA81A183572 Signatures: 3271 Trojans, 30 Dialers, 146 Worms and 125 Spywares d t ¿ 0 ¢ I ½ d W¬ ; M1 Signatures\20080528.trc 
ä396E7EF52D6E1131C755F585CACECD2B331 Spyware Traces � ; M� Signatures\20080528.sig ³01A5C45A0C0D0ED07B07716E9118F5A6C2009 Signatures: 1841 Trojans, 7 Dialers, 88 Worms and 73 Spywares W ; M1 Signatures\20080527.trc n56C9C2E8926D659E9954848340EF214F114 Spyware Traces � ; M� Signatures\20080527.sig Éd7873F2ACD5818EC05136CF2EB5B611402273 Signatures: 2074 Trojans, 11 Dialers, 105 Worms and 83 Spywares � ; M� Signatures\20080526.sig b¥CBAD921155A780174EDF7B304CD9EFDA4136 Signatures: 3492 Trojans, 21 Dialers, 106 Worms and 517 Spywares W ; M1 Signatures\20080525.trc ìF96B182D0DFB3A47E135BFD1DF3FF789419 Spyware Traces Z ; M5 Signatures\20080523.trc ‰D2180D2BB2C5C44C5D4C8A2DB637EDC6954137 Spyware Traces � ; M� Signatures\20080523.sig ‚g9943E528FEA64D325802BE017E01D5071483 Signatures: 1317 Trojans, 9 Dialers, 67 Worms and 90 Spywares = s ¬ Ë ? æ ’ > ê – = W) ; M1 Signatures\20080601.trc Ñ694ECACE2965CE914413862A6E9FE646400 Spyware Traces R( 3 M- Languages\fr-fr.lng ƒÞBF8FD168A31BC9AF4C0B06D047090E37Language Support R' 3 M- Languages\cz-cz.lng •º16E2608590A801179EBBBE98243036D2Language support R& 3 M- Languages\ar-sa.lng ¶J4FAB801C4F7817A1D7D012437D610F23Language Support R% 3 M- Languages\nl-nl.lng "D01B7A5450F7D46A2B8A98A408ADE6B0FLanguage Support W$ ; M1 Signatures\20080530.trc ¹29C04C5CBFDD6DC3C4B9CE1EF97D1F61164 Spyware Traces � # ; M� Signatures\20080530.sigw4A5A170C950433BA85D6300DE582AA40F1353 Signatures: 1226 Trojans, 13 Dialers, 57 Worms and 57 Spywares R" 3 M- Languages\de-de.lng LRB0FFD7EB6A08224462FE02A5C3F94A0FLanguage Support R! 
Dunno if that's the log, but it's what my friend sent me. Thanks again.