TechSpot

Redirects in google on IE and Firefox and also taking forever to actually get to site

Inactive
By jummies14
Jun 26, 2011
  1. Hi,
    I noticed in the past few days that the search results for google have been hijacked in both IE and Firefox. Also, now it seems it takes forever for the browser to actually get to webpages that I manually type in the search/address bar. Sounds like I have a virus. Can you help?
     
  2. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. jummies14

    jummies14 TS Rookie Topic Starter

    malware log

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6956

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 9.0.8112.16421

    6/27/2011 8:06:04 AM
    mbam-log-2011-06-27 (08-06-04).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 520572
    Time elapsed: 3 hour(s), 55 minute(s), 43 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 6

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Windows\System32\02000000e25e6e271270c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
    c:\Windows\System32\02000000e25e6e271270o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
    c:\Windows\System32\02000000e25e6e271270p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
    c:\Windows\System32\02000000e25e6e271270s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
    c:\Users\Melissa\0.4198507408222991.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    c:\Users\Melissa\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
     
  4. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    Go on.............
     
  5. jummies14

    jummies14 TS Rookie Topic Starter

    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit quick scan 2011-06-27 14:16:25
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 TOSHIBA_MK3252GSX rev.LV011C
    Running: dx3o91op.exe; Driver: C:\Users\Melissa\AppData\Local\Temp\kwliifod.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
     
  6. jummies14

    jummies14 TS Rookie Topic Starter

    DDS

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
    Run by Melissa at 9:56:55 on 2011-06-28
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1162 [GMT -4:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\dpnet32.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\ProgramData\iasdatastore32.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\Melissa\AppData\Roaming\Google\Google Talk\googletalk.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    BHO: {015aad22-1c22-4f83-8b67-bdabffacca07} - c:\windows\system32\AUDIOKSE32.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: ddca532: {4275c81b-048e-a041-758e-2899b7806bc2} - c:\programdata\AUDIOKSE32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [googletalk] c:\users\melissa\appdata\roaming\google\google talk\googletalk.exe /autostart
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    StartupFolder: c:\users\melissa\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    TCP: DhcpNameServer = 205.152.37.23 205.152.150.23 192.168.1.1
    TCP: Interfaces\{455F4395-0CCE-4439-8CC2-E3D7A1C19DBE} : DhcpNameServer = 10.1.10.1
    TCP: Interfaces\{532707F5-92A3-40DE-9671-F6687DF3F53D} : DhcpNameServer = 205.152.37.23 205.152.150.23 192.168.1.1
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\programdata\AUDIOKSE32.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\melissa\appdata\roaming\mozilla\firefox\profiles\cevpi6tt.default\
    FF - prefs.js: browser.startup.homepage - msn.com
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\users\melissa\appdata\roaming\mozilla\plugins\npatgpc.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============
    .
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 RemoteAccess32;Routing and Remote Access ;c:\windows\system32\dpnet32.exe [2011-6-12 795136]
    R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-26 39984]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-06-27 01:07:13 -------- d-----w- c:\users\melissa\appdata\roaming\Malwarebytes
    2011-06-27 01:06:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-27 01:06:11 -------- d-----w- c:\programdata\Malwarebytes
    2011-06-27 01:06:08 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-27 01:06:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-24 08:42:31 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0636b386-04c1-4b7f-b1d9-85e9549a0c9c}\mpengine.dll
    2011-06-18 07:10:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-06-18 07:10:50 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll
    2011-06-18 07:10:49 1797632 ----a-w- c:\windows\system32\jscript9.dll
    2011-06-18 00:18:06 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
    2011-06-18 00:17:54 273408 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-06-18 00:17:53 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-06-18 00:17:53 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-06-18 00:17:51 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2011-06-18 00:17:26 739328 ----a-w- c:\windows\system32\inetcomm.dll
    2011-06-18 00:17:23 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-06-18 00:17:23 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-06-18 00:17:23 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-06-18 00:17:20 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2011-06-12 19:00:57 795136 ----a-w- c:\programdata\iasdatastore32.exe
    2011-06-12 19:00:57 177664 ----a-w- c:\programdata\AUDIOKSE32.dll
    2011-06-12 19:00:56 795136 ----a-w- c:\windows\system32\dpnet32.exe
    2011-06-12 19:00:54 368128 ----a-w- c:\windows\system32\AUDIOKSE32.dll
    2011-06-06 16:55:30 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    .
    ==================== Find3M ====================
    .
    2011-05-24 23:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
    .
    ============= FINISH: 9:57:30.51 ===============
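    The DDS log above is where the infection actually shows itself, and an added triage script (written here for illustration, not part of the thread or of DDS itself) makes the reasoning explicit. It parses the Pseudo HJT and Created Last 30 sections, flags a BHO with no display name, anything injected through AppInit_DLLs, and code running from user-writable directories, then correlates file creation timestamps so that the service hiding behind a Windows display name is caught because its binary was dropped within seconds of the flagged DLLs. The sample lines are copied from the log above into a constructed input; the 10-second window is an assumption.

```python
"""Triage a DDS log: flag suspicious persistence entries, then correlate drop times."""
import re
from datetime import datetime, timedelta

# Constructed sample built from lines of the DDS log in this thread.
SAMPLE_LOG = r"""
BHO: {015aad22-1c22-4f83-8b67-bdabffacca07} - c:\windows\system32\AUDIOKSE32.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: ddca532: {4275c81b-048e-a041-758e-2899b7806bc2} - c:\programdata\AUDIOKSE32.dll
AppInit_DLLs: c:\programdata\AUDIOKSE32.dll
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 RemoteAccess32;Routing and Remote Access ;c:\windows\system32\dpnet32.exe [2011-6-12 795136]
2011-06-12 19:00:57 795136 ----a-w- c:\programdata\iasdatastore32.exe
2011-06-12 19:00:57 177664 ----a-w- c:\programdata\AUDIOKSE32.dll
2011-06-12 19:00:56 795136 ----a-w- c:\windows\system32\dpnet32.exe
2011-06-12 19:00:54 368128 ----a-w- c:\windows\system32\AUDIOKSE32.dll
2011-06-06 16:55:30 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
"""

# DDS line shapes: "BHO: [name: ]{clsid} - path", "AppInit_DLLs: path",
# "R2 svc;display;path [date size]" and "YYYY-MM-DD HH:MM:SS size attrs path".
BHO_RE = re.compile(r"^BHO: (?:(?P<name>.*?): )?\{(?P<clsid>[0-9a-fA-F-]+)\} - (?P<path>.+)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs: (?P<path>.+)$")
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<svc>[^;]+);(?P<display>[^;]*);(?P<path>.+?) \[(?P<date>\S+) (?P<size>\d+)\]$"
)
CREATED_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?:\d+|-+) \S+ (?P<path>.+)$")

# Directories a standard user can write to; code loading from here into IE or
# every process deserves a look even before any signature matches.
USER_WRITABLE = ("c:\\programdata\\", "c:\\users\\")


def in_user_writable(path):
    p = path.lower()
    return any(p.startswith(prefix) for prefix in USER_WRITABLE)


def triage(log_text, window_seconds=10):
    """Return {'flagged': {path: [reasons]}, 'dropped_together': [paths]}."""
    flagged = {}   # lowercase path -> reasons
    created = {}   # lowercase path -> creation time from "Created Last 30"
    services = {}  # lowercase image path -> service name

    def flag(path, reason):
        flagged.setdefault(path.lower(), []).append(reason)

    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            if not m.group("name"):
                flag(m.group("path"), "BHO without a display name")
            if in_user_writable(m.group("path")):
                flag(m.group("path"), "BHO loaded from a user-writable directory")
            continue
        m = APPINIT_RE.match(line)
        if m:
            flag(m.group("path"), "AppInit_DLLs injects this DLL into every user32 process")
            continue
        m = SERVICE_RE.match(line)
        if m:
            services[m.group("path").lower()] = m.group("svc")
            if in_user_writable(m.group("path")):
                flag(m.group("path"), "service binary in a user-writable directory")
            continue
        m = CREATED_RE.match(line)
        if m:
            created[m.group("path").lower()] = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")

    # Correlate: anything created within the window of an already-flagged file
    # was most likely dropped by the same installer.
    anchors = [created[p] for p in flagged if p in created]
    window = timedelta(seconds=window_seconds)
    dropped = sorted(p for p, t in created.items() if any(abs(t - a) <= window for a in anchors))

    # A service whose image arrived with the flagged files is part of the set,
    # whatever its display name claims to be.
    for path in dropped:
        if path in services and path not in flagged:
            flag(path, "image of service '%s' dropped together with flagged files" % services[path])

    return {"flagged": flagged, "dropped_together": dropped}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for path, reasons in sorted(result["flagged"].items()):
        print(path)
        for r in reasons:
            print("   -", r)
    print("dropped together:", result["dropped_together"])
```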
     
  7. jummies14

    jummies14 TS Rookie Topic Starter

    DDS (Ver_2011-06-23.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/15/2010 2:47:45 PM
    System Uptime: 6/27/2011 7:45:01 PM (14 hours ago)
    .
    Motherboard: Quanta | | 30CC
    Processor: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz | U2E1 | 1667/667mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 285 GiB total, 151.882 GiB free.
    D: is FIXED (NTFS) - 13 GiB total, 2.441 GiB free.
    E: is CDROM (CDFS)
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP376: 6/23/2011 3:00:16 AM - Windows Update
    RP377: 6/24/2011 3:00:15 AM - Windows Update
    RP378: 6/24/2011 4:42:00 AM - Windows Update
    RP379: 6/25/2011 3:00:18 AM - Windows Update
    RP380: 6/26/2011 3:00:16 AM - Windows Update
    RP381: 6/27/2011 1:36:51 AM - Scheduled Checkpoint
    RP382: 6/27/2011 3:00:22 AM - Windows Update
    RP383: 6/28/2011 3:00:16 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader X (10.1.0)
    AIO_Scan
    Amazon MP3 Downloader 1.0.10
    AnswerWorks 5.0 English Runtime
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    BufferChm
    C4200
    C4200_doccd
    c4200_Help
    Copy
    Coupon Printer for Windows
    CustomerResearchQFolder
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DocProc
    DocProcQFolder
    eSupportQFolder
    Google Talk (remove only)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Customer Participation Program 9.0
    HP Imaging Device Functions 9.0
    HP OCR Software 9.0
    HP Photosmart All-In-One Software 9.0
    HP Photosmart Essential 2.01
    HP Photosmart Essential2.01
    HP Product Assistant
    HP Solution Center 9.0
    HP Update
    HPProductAssistant
    HPSSupply
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 23
    Kidzui
    Malwarebytes' Anti-Malware version 1.51.0.1200
    MarketResearch
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox 5.0 (x86 en-US)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    OpenOffice.org 3.2
    PS_AIO_ProductContext
    PS_AIO_Software
    PS_AIO_Software_min
    PSSWCORE
    Quicken 2010
    QuickTime
    Reader Rabbit Thinking Adventures Ages 4-6
    RICOH Media Driver
    Scan
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    SolutionCenter
    Status
    Toolbox
    TrayApp
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    VideoToolkit01
    WebEx
    WebReg
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/27/2011 8:09:51 AM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    6/27/2011 8:09:51 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    6/22/2011 4:11:33 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
    6/22/2011 4:10:56 AM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort2.
    6/21/2011 1:36:17 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Pml Driver HPZ12 service to connect.
    6/21/2011 1:36:17 AM, Error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
     
  8. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    I don't see any AV program running.
    Please, install one of these:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html
    Update, run full scan, report on any findings.

    Then....

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    Click the "Scan" button to start scan.

    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ===================================================================

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
     
  9. jummies14

    jummies14 TS Rookie Topic Starter

    I am having trouble getting either of the free AV programs to work. I downloaded Avira but get a DLL error when it is about to be done installing. The executable for Avast never finishes downloading. Now what?
     
  10. jummies14

    jummies14 TS Rookie Topic Starter

    OK, I resolved that by downloading it from TechSpot rather than CNET.
     
  11. jummies14

    jummies14 TS Rookie Topic Starter

    Avast found 5 infected files. Do I repair them or do I just continue with the steps you listed?
     
  12. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    You can allow Avast to fix any findings.
     
  13. jummies14

    jummies14 TS Rookie Topic Starter

    Avira AntiVir Personal
    Report file date: Thursday, June 30, 2011 07:32

    Scanning for 2789985 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available:

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows Vista
    Windows version : (Service Pack 2) [6.0.6002]
    Boot mode : Normally booted
    Username : SYSTEM
    Computer name : MELISSA-PC

    Version information:
    BUILD.DAT : 10.0.0.650 31822 Bytes 6/17/2011 15:43:00
    AVSCAN.EXE : 10.0.4.2 442024 Bytes 6/17/2011 16:36:21
    AVSCAN.DLL : 10.0.3.0 46440 Bytes 6/17/2011 16:37:04
    LUKE.DLL : 10.0.3.2 104296 Bytes 6/17/2011 16:36:49
    LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36
    VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 11:53:55
    VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 11:53:56
    VBASE003.VDF : 7.11.5.225 1980416 Bytes 4/7/2011 16:36:57
    VBASE004.VDF : 7.11.8.178 2354176 Bytes 5/31/2011 16:18:22
    VBASE005.VDF : 7.11.8.179 2048 Bytes 5/31/2011 16:18:22
    VBASE006.VDF : 7.11.8.180 2048 Bytes 5/31/2011 16:18:22
    VBASE007.VDF : 7.11.8.181 2048 Bytes 5/31/2011 16:18:23
    VBASE008.VDF : 7.11.8.182 2048 Bytes 5/31/2011 16:18:23
    VBASE009.VDF : 7.11.8.183 2048 Bytes 5/31/2011 16:18:23
    VBASE010.VDF : 7.11.8.184 2048 Bytes 5/31/2011 16:18:23
    VBASE011.VDF : 7.11.8.185 2048 Bytes 5/31/2011 16:18:23
    VBASE012.VDF : 7.11.8.186 2048 Bytes 5/31/2011 16:18:23
    VBASE013.VDF : 7.11.8.222 121856 Bytes 6/2/2011 05:49:15
    VBASE014.VDF : 7.11.9.7 134656 Bytes 6/4/2011 19:10:35
    VBASE015.VDF : 7.11.9.42 136192 Bytes 6/6/2011 19:39:56
    VBASE016.VDF : 7.11.9.72 117248 Bytes 6/7/2011 18:44:57
    VBASE017.VDF : 7.11.9.107 130560 Bytes 6/9/2011 11:03:40
    VBASE018.VDF : 7.11.9.143 132096 Bytes 6/10/2011 20:53:41
    VBASE019.VDF : 7.11.9.172 141824 Bytes 6/14/2011 10:29:55
    VBASE020.VDF : 7.11.9.214 144896 Bytes 6/15/2011 20:32:34
    VBASE021.VDF : 7.11.9.244 196608 Bytes 6/16/2011 21:51:31
    VBASE022.VDF : 7.11.9.245 2048 Bytes 6/16/2011 21:51:31
    VBASE023.VDF : 7.11.9.246 2048 Bytes 6/16/2011 21:51:31
    VBASE024.VDF : 7.11.9.247 2048 Bytes 6/16/2011 21:51:31
    VBASE025.VDF : 7.11.9.248 2048 Bytes 6/16/2011 21:51:31
    VBASE026.VDF : 7.11.9.249 2048 Bytes 6/16/2011 21:51:31
    VBASE027.VDF : 7.11.9.250 2048 Bytes 6/16/2011 21:51:31
    VBASE028.VDF : 7.11.9.251 2048 Bytes 6/16/2011 21:51:31
    VBASE029.VDF : 7.11.9.252 2048 Bytes 6/16/2011 21:51:31
    VBASE030.VDF : 7.11.9.253 2048 Bytes 6/16/2011 21:51:31
    VBASE031.VDF : 7.11.10.5 45056 Bytes 6/17/2011 16:49:39
    Engineversion : 8.2.5.20
    AEVDF.DLL : 8.1.2.1 106868 Bytes 4/21/2011 11:53:28
    AESCRIPT.DLL : 8.1.3.65 1606010 Bytes 6/16/2011 04:54:00
    AESCN.DLL : 8.1.7.2 127349 Bytes 4/21/2011 11:53:27
    AESBX.DLL : 8.2.1.34 323957 Bytes 6/16/2011 04:54:00
    AERDL.DLL : 8.1.9.9 639347 Bytes 6/17/2011 16:36:10
    AEPACK.DLL : 8.2.6.9 557429 Bytes 6/16/2011 04:54:00
    AEOFFICE.DLL : 8.1.1.25 205178 Bytes 6/16/2011 04:54:00
    AEHEUR.DLL : 8.1.2.128 3547512 Bytes 6/16/2011 04:54:00
    AEHELP.DLL : 8.1.17.2 246135 Bytes 6/16/2011 04:54:00
    AEGEN.DLL : 8.1.5.6 401780 Bytes 6/16/2011 04:54:00
    AEEMU.DLL : 8.1.3.0 393589 Bytes 4/21/2011 11:53:14
    AECORE.DLL : 8.1.21.1 196983 Bytes 6/16/2011 04:54:00
    AEBB.DLL : 8.1.1.0 53618 Bytes 4/21/2011 11:53:14
    AVWINLL.DLL : 10.0.0.0 19304 Bytes 4/21/2011 11:53:36
    AVPREF.DLL : 10.0.0.0 44904 Bytes 6/17/2011 16:36:20
    AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2011 16:36:20
    AVREG.DLL : 10.0.3.2 53096 Bytes 6/17/2011 16:36:20
    AVSCPLR.DLL : 10.0.4.2 84840 Bytes 6/17/2011 16:36:21
    AVARKT.DLL : 10.0.22.6 231784 Bytes 6/17/2011 16:36:13
    AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 6/17/2011 16:36:18
    SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 19:27:22
    AVSMTP.DLL : 10.0.0.17 63848 Bytes 4/21/2011 11:53:36
    NETNT.DLL : 10.0.0.0 11624 Bytes 4/21/2011 11:53:46
    RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 6/17/2011 16:37:06
    RCTEXT.DLL : 10.0.58.0 97128 Bytes 6/17/2011 16:37:06

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:, D:,
    Process scan........................: on
    Extended process scan...............: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium

    Start of the scan: Thursday, June 30, 2011 07:32

    Starting search for hidden objects.

    The scan of running processes will be started
    Scan process 'wuauclt.exe' - '35' Module(s) have been scanned
    Scan process 'svchost.exe' - '31' Module(s) have been scanned
    Scan process 'vssvc.exe' - '50' Module(s) have been scanned
    Scan process 'avscan.exe' - '82' Module(s) have been scanned
    Scan process 'avscan.exe' - '30' Module(s) have been scanned
    Scan process 'avcenter.exe' - '66' Module(s) have been scanned
    Scan process 'svchost.exe' - '33' Module(s) have been scanned
    Scan process 'ymsgr_tray.exe' - '29' Module(s) have been scanned
    Scan process 'iPodService.exe' - '33' Module(s) have been scanned
    Scan process 'wmpnetwk.exe' - '65' Module(s) have been scanned
    Scan process 'wmpnscfg.exe' - '30' Module(s) have been scanned
    Scan process 'hpqSTE08.exe' - '55' Module(s) have been scanned
    Scan process 'sidebar.exe' - '90' Module(s) have been scanned
    Scan process 'soffice.bin' - '99' Module(s) have been scanned
    Scan process 'svchost.exe' - '24' Module(s) have been scanned
    Scan process 'soffice.exe' - '18' Module(s) have been scanned
    Scan process 'hpqtra08.exe' - '69' Module(s) have been scanned
    Scan process 'googletalk.exe' - '81' Module(s) have been scanned
    Scan process 'sidebar.exe' - '60' Module(s) have been scanned
    Scan process 'AvastUI.exe' - '87' Module(s) have been scanned
    Scan process 'avgnt.exe' - '54' Module(s) have been scanned
    Scan process 'iTunesHelper.exe' - '75' Module(s) have been scanned
    Scan process 'jusched.exe' - '23' Module(s) have been scanned
    Scan process 'hpwuSchd2.exe' - '17' Module(s) have been scanned
    Scan process 'igfxpers.exe' - '23' Module(s) have been scanned
    Scan process 'igfxsrvc.exe' - '28' Module(s) have been scanned
    Scan process 'hkcmd.exe' - '23' Module(s) have been scanned
    Scan process 'WerFault.exe' - '38' Module(s) have been scanned
    Scan process 'YahooAUService.exe' - '72' Module(s) have been scanned
    Scan process 'WUDFHost.exe' - '36' Module(s) have been scanned
    Scan process 'SearchIndexer.exe' - '61' Module(s) have been scanned
    Scan process 'svchost.exe' - '8' Module(s) have been scanned
    Scan process 'svchost.exe' - '50' Module(s) have been scanned
    Scan process 'svchost.exe' - '43' Module(s) have been scanned
    Scan process 'avshadow.exe' - '34' Module(s) have been scanned
    Scan process 'svchost.exe' - '42' Module(s) have been scanned
    Scan process 'mDNSResponder.exe' - '34' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '49' Module(s) have been scanned
    Scan process 'avguard.exe' - '66' Module(s) have been scanned
    Scan process 'armsvc.exe' - '26' Module(s) have been scanned
    Scan process 'taskeng.exe' - '83' Module(s) have been scanned
    Scan process 'taskeng.exe' - '50' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '131' Module(s) have been scanned
    Scan process 'svchost.exe' - '66' Module(s) have been scanned
    Scan process 'Dwm.exe' - '27' Module(s) have been scanned
    Scan process 'sched.exe' - '57' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '86' Module(s) have been scanned
    Scan process 'AvastSvc.exe' - '98' Module(s) have been scanned
    Scan process 'svchost.exe' - '95' Module(s) have been scanned
    Scan process 'svchost.exe' - '88' Module(s) have been scanned
    Scan process 'SLsvc.exe' - '26' Module(s) have been scanned
    Scan process 'svchost.exe' - '40' Module(s) have been scanned
    Scan process 'svchost.exe' - '154' Module(s) have been scanned
    Scan process 'svchost.exe' - '117' Module(s) have been scanned
    Scan process 'svchost.exe' - '67' Module(s) have been scanned
    Scan process 'svchost.exe' - '44' Module(s) have been scanned
    Scan process 'svchost.exe' - '48' Module(s) have been scanned
    Scan process 'winlogon.exe' - '34' Module(s) have been scanned
    Scan process 'lsm.exe' - '25' Module(s) have been scanned
    Scan process 'lsass.exe' - '65' Module(s) have been scanned
    Scan process 'services.exe' - '36' Module(s) have been scanned
    Scan process 'csrss.exe' - '14' Module(s) have been scanned
    Scan process 'wininit.exe' - '29' Module(s) have been scanned
    Scan process 'csrss.exe' - '14' Module(s) have been scanned
    Scan process 'smss.exe' - '2' Module(s) have been scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan executable files (registry).
    The registry was scanned ( '1630' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\ProgramData\iasdatastore32.exe
    [DETECTION] Is the TR/Kazy.26487.4 Trojan
    C:\Windows.old\Users\Melissa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\34b8f51-68af12ae
    [0] Archive type: ZIP
    [DETECTION] Contains recognition pattern of the JAVA/Agent.DT Java virus
    --> javax/AServers.class
    [DETECTION] Contains recognition pattern of the JAVA/Agent.DT Java virus
    --> javax/Server1.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Agen.FE.1 Java virus
    --> javax/Server2.class
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Agent.FE Java virus
    C:\Windows.old\Users\Melissa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2d0009e1-780d894d
    [0] Archive type: ZIP
    [DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus
    --> Email.class
    [DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus
    --> ExecService.class
    [DETECTION] Contains recognition pattern of the JAVA/Agent.DR.4 Java virus
    C:\Windows.old\Users\Melissa\Desktop\FrostWire\Saved\holler back including keygen by team Black_X.zip
    [0] Archive type: ZIP
    [DETECTION] Is the TR/Dropper.Gen Trojan
    --> keygen.from.Black.X/keygen.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    --> setup.exe
    [DETECTION] Is the TR/Dropper.Gen Trojan
    Begin scan in 'D:\' <HP_RECOVERY>

    Beginning disinfection:
    C:\Windows.old\Users\Melissa\Desktop\FrostWire\Saved\holler back including keygen by team Black_X.zip
    [DETECTION] Is the TR/Dropper.Gen Trojan
    [NOTE] The file was moved to the quarantine directory under the name '4b4e2e60.qua'.
    C:\Windows.old\Users\Melissa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2d0009e1-780d894d
    [DETECTION] Contains recognition pattern of the JAVA/Agent.DR.4 Java virus
    [NOTE] The file was moved to the quarantine directory under the name '539d01bc.qua'.
    C:\Windows.old\Users\Melissa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\34b8f51-68af12ae
    [DETECTION] Contains recognition pattern of the JAVA/Dldr.Agent.FE Java virus
    [NOTE] The file was moved to the quarantine directory under the name '01905b64.qua'.
    C:\ProgramData\iasdatastore32.exe
    [DETECTION] Is the TR/Kazy.26487.4 Trojan
    [NOTE] The file was moved to the quarantine directory under the name '67b6149b.qua'.


    End of the scan: Thursday, June 30, 2011 10:38
    Used time: 3:03:17 Hour(s)

    The scan has been done completely.

    57216 Scanned directories
    1294203 Files were scanned
    8 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    4 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    1294195 Files not concerned
    7760 Archives were scanned
    0 Warnings
    4 Notes
    750939 Objects were scanned with rootkit scan
    0 Hidden objects were found
     
  14. Broni

    Broni Malware Annihilator Posts: 47,995   +271

    Go on.....
     
Topic Status:
Not open for further replies.