SYSTEM32.dll (Trojan.Agent)

[sujay]

I have three PCs in my household. whenever I scan with MBAM firsttime after a first time it always finds SYSTEM32.dll (Trojan.Agent) in C:\Users\user\AppData\Roaming\
I installed my vista desktop ~ 4days ago. I wanted to test mbam beta in it. It finds the same system32.dll in it. So, I am wondering how can I be infected with same malware all times, even is I reinstall everything after a clean format of all drives. I also redownloaded all the softwares again. I am attaching MBAM log, hijackThis log and NoVirusThanks Hijack Hunter log here.
logs.zip

[Alboguy]

Probably a false positive. Or this is causing the problem:

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h

You have 2 AV installed side by side. Other problems will come up for you untill you uninstall one of them.

[hellnoire]

Comodo can always be the Firewall only.

I also don't think that's a False Positive, since System32.dll shouldn't be located there....

[Alboguy]

I doubt he has deactivated the AV engine. He has also installed Immunet though. I don't know why this guy needs this much real time security.

[sujay]

@hellnoire and Alboguy: I installed only comodo firewall standalone during the installation. But it shows comodo internet security don't know why. I thought immunet can be run together with any AV as told in their website. But as I said this alart is very old. I mean Malwarebyte detects it in all of my PC's at first run, even if I reinstalled it recently. This happens much before before even immunet were in the market.

[Alboguy]

Where did you get the Widows Cd? Maybe the virus is inside in there...

[leofelix]

Hi,
System32.dll simply doesn't exist
It is not a system file. I mean.
Would you please upload System32.dll to www.virustotal.com?

[sujay]

Where did you get the Widows Cd? Maybe the virus is inside in there...

I purchased it from a retailer. But it couldn't be inside the CD. Because the same system32.dll problem occurred in my laptop which has windows7.

Would you please upload System32.dll to www.virustotal.com?

surely I will. Actually right now I am not in my Desktop. Would u mind if I do it a little later. But I already uploaded it to virustotal with 0 detection.

[leofelix]

surely I will. Actually right now I am not in my Desktop. Would u mind if I do it a little later. But I already uploaded it to virustotal with 0 detection.

Ok. I can wait of course

Even if it looks very strange since system32.dll doesn't exists as far as I know.
MBAM sould have deleted and/or quarantined.

However, I think some experts will help you soon

[sujay]

MBAM sould have deleted and/or quarantined.

yes MBAM deleted this. So should I restore this..!! MBAM does not give a option to save it to other location.

Even if it looks very strange since system32.dll doesn't exists as far as I know.

I have googled about system32.dll and got a information that it is related to harnig trojan. Not a reliable source though.

However, I think some experts will help you soon

You are wise enough.. to find that I have asked about this in malwarebyte forum. No answer yet from them. I've asked in the wilders also.