Inactive Redirects in Google on IE and Firefox and also taking forever to actually get to site

Status
Not open for further replies.

jummies14

Hi,
I noticed in the past few days that the search results for Google have been hijacked in both IE and Firefox. Also, now it seems it takes forever for the browser to actually get to webpages that I manually type in the search/address bar. Sounds like I have a virus. Can you help?
 
Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
malware log

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6956

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

6/27/2011 8:06:04 AM
mbam-log-2011-06-27 (08-06-04).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 520572
Time elapsed: 3 hour(s), 55 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\02000000e25e6e271270c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\02000000e25e6e271270o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\02000000e25e6e271270p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Windows\System32\02000000e25e6e271270s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Melissa\0.4198507408222991.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Users\Melissa\msiexec.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
 
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-06-27 14:16:25
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 TOSHIBA_MK3252GSX rev.LV011C
Running: dx3o91op.exe; Driver: C:\Users\Melissa\AppData\Local\Temp\kwliifod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
 
DDS

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
Run by Melissa at 9:56:55 on 2011-06-28
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1162 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\dpnet32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\ProgramData\iasdatastore32.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Melissa\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: {015aad22-1c22-4f83-8b67-bdabffacca07} - c:\windows\system32\AUDIOKSE32.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: ddca532: {4275c81b-048e-a041-758e-2899b7806bc2} - c:\programdata\AUDIOKSE32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [googletalk] c:\users\melissa\appdata\roaming\google\google talk\googletalk.exe /autostart
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\melissa\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: DhcpNameServer = 205.152.37.23 205.152.150.23 192.168.1.1
TCP: Interfaces\{455F4395-0CCE-4439-8CC2-E3D7A1C19DBE} : DhcpNameServer = 10.1.10.1
TCP: Interfaces\{532707F5-92A3-40DE-9671-F6687DF3F53D} : DhcpNameServer = 205.152.37.23 205.152.150.23 192.168.1.1
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\programdata\AUDIOKSE32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\melissa\appdata\roaming\mozilla\firefox\profiles\cevpi6tt.default\
FF - prefs.js: browser.startup.homepage - msn.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\users\melissa\appdata\roaming\mozilla\plugins\npatgpc.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 RemoteAccess32;Routing and Remote Access ;c:\windows\system32\dpnet32.exe [2011-6-12 795136]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-26 39984]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-06-27 01:07:13 -------- d-----w- c:\users\melissa\appdata\roaming\Malwarebytes
2011-06-27 01:06:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-27 01:06:11 -------- d-----w- c:\programdata\Malwarebytes
2011-06-27 01:06:08 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-27 01:06:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-24 08:42:31 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0636b386-04c1-4b7f-b1d9-85e9549a0c9c}\mpengine.dll
2011-06-18 07:10:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-18 07:10:50 141104 ----a-w- c:\program files\internet explorer\sqmapi.dll
2011-06-18 07:10:49 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-18 00:18:06 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-18 00:17:54 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-18 00:17:53 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-18 00:17:53 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-18 00:17:51 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-18 00:17:26 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-18 00:17:23 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-18 00:17:23 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-18 00:17:23 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-18 00:17:20 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-06-12 19:00:57 795136 ----a-w- c:\programdata\iasdatastore32.exe
2011-06-12 19:00:57 177664 ----a-w- c:\programdata\AUDIOKSE32.dll
2011-06-12 19:00:56 795136 ----a-w- c:\windows\system32\dpnet32.exe
2011-06-12 19:00:54 368128 ----a-w- c:\windows\system32\AUDIOKSE32.dll
2011-06-06 16:55:30 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-05-24 23:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 9:57:30.51 ===============
 
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/15/2010 2:47:45 PM
System Uptime: 6/27/2011 7:45:01 PM (14 hours ago)
.
Motherboard: Quanta | | 30CC
Processor: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz | U2E1 | 1667/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 285 GiB total, 151.882 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 2.441 GiB free.
E: is CDROM (CDFS)
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP376: 6/23/2011 3:00:16 AM - Windows Update
RP377: 6/24/2011 3:00:15 AM - Windows Update
RP378: 6/24/2011 4:42:00 AM - Windows Update
RP379: 6/25/2011 3:00:18 AM - Windows Update
RP380: 6/26/2011 3:00:16 AM - Windows Update
RP381: 6/27/2011 1:36:51 AM - Scheduled Checkpoint
RP382: 6/27/2011 3:00:22 AM - Windows Update
RP383: 6/28/2011 3:00:16 AM - Windows Update
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.0)
AIO_Scan
Amazon MP3 Downloader 1.0.10
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
BufferChm
C4200
C4200_doccd
c4200_Help
Copy
Coupon Printer for Windows
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
eSupportQFolder
Google Talk (remove only)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 9.0
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Product Assistant
HP Solution Center 9.0
HP Update
HPProductAssistant
HPSSupply
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 23
Kidzui
Malwarebytes' Anti-Malware version 1.51.0.1200
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 5.0 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OpenOffice.org 3.2
PS_AIO_ProductContext
PS_AIO_Software
PS_AIO_Software_min
PSSWCORE
Quicken 2010
QuickTime
Reader Rabbit Thinking Adventures Ages 4-6
RICOH Media Driver
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
SolutionCenter
Status
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VideoToolkit01
WebEx
WebReg
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
6/27/2011 8:09:51 AM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
6/27/2011 8:09:51 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/22/2011 4:11:33 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
6/22/2011 4:10:56 AM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort2.
6/21/2011 1:36:17 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Pml Driver HPZ12 service to connect.
6/21/2011 1:36:17 AM, Error: Service Control Manager [7000] - The Pml Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 
I don't see any AV program running.
Please, install one of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html
Update, run full scan, report on any findings.

Then....

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE: aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================================

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
 
I am having trouble getting either of the free AV programs to work. I download Avira but get a DLL error when it is about to be done installing. The executable for Avast never finishes downloading. Now what?
 
Avira AntiVir Personal
Report file date: Thursday, June 30, 2011 07:32

Scanning for 2789985 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Normally booted
Username : SYSTEM
Computer name : MELISSA-PC

Version information:
BUILD.DAT : 10.0.0.650 31822 Bytes 6/17/2011 15:43:00
AVSCAN.EXE : 10.0.4.2 442024 Bytes 6/17/2011 16:36:21
AVSCAN.DLL : 10.0.3.0 46440 Bytes 6/17/2011 16:37:04
LUKE.DLL : 10.0.3.2 104296 Bytes 6/17/2011 16:36:49
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 11:53:55
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 11:53:56
VBASE003.VDF : 7.11.5.225 1980416 Bytes 4/7/2011 16:36:57
VBASE004.VDF : 7.11.8.178 2354176 Bytes 5/31/2011 16:18:22
VBASE005.VDF : 7.11.8.179 2048 Bytes 5/31/2011 16:18:22
VBASE006.VDF : 7.11.8.180 2048 Bytes 5/31/2011 16:18:22
VBASE007.VDF : 7.11.8.181 2048 Bytes 5/31/2011 16:18:23
VBASE008.VDF : 7.11.8.182 2048 Bytes 5/31/2011 16:18:23
VBASE009.VDF : 7.11.8.183 2048 Bytes 5/31/2011 16:18:23
VBASE010.VDF : 7.11.8.184 2048 Bytes 5/31/2011 16:18:23
VBASE011.VDF : 7.11.8.185 2048 Bytes 5/31/2011 16:18:23
VBASE012.VDF : 7.11.8.186 2048 Bytes 5/31/2011 16:18:23
VBASE013.VDF : 7.11.8.222 121856 Bytes 6/2/2011 05:49:15
VBASE014.VDF : 7.11.9.7 134656 Bytes 6/4/2011 19:10:35
VBASE015.VDF : 7.11.9.42 136192 Bytes 6/6/2011 19:39:56
VBASE016.VDF : 7.11.9.72 117248 Bytes 6/7/2011 18:44:57
VBASE017.VDF : 7.11.9.107 130560 Bytes 6/9/2011 11:03:40
VBASE018.VDF : 7.11.9.143 132096 Bytes 6/10/2011 20:53:41
VBASE019.VDF : 7.11.9.172 141824 Bytes 6/14/2011 10:29:55
VBASE020.VDF : 7.11.9.214 144896 Bytes 6/15/2011 20:32:34
VBASE021.VDF : 7.11.9.244 196608 Bytes 6/16/2011 21:51:31
VBASE022.VDF : 7.11.9.245 2048 Bytes 6/16/2011 21:51:31
VBASE023.VDF : 7.11.9.246 2048 Bytes 6/16/2011 21:51:31
VBASE024.VDF : 7.11.9.247 2048 Bytes 6/16/2011 21:51:31
VBASE025.VDF : 7.11.9.248 2048 Bytes 6/16/2011 21:51:31
VBASE026.VDF : 7.11.9.249 2048 Bytes 6/16/2011 21:51:31
VBASE027.VDF : 7.11.9.250 2048 Bytes 6/16/2011 21:51:31
VBASE028.VDF : 7.11.9.251 2048 Bytes 6/16/2011 21:51:31
VBASE029.VDF : 7.11.9.252 2048 Bytes 6/16/2011 21:51:31
VBASE030.VDF : 7.11.9.253 2048 Bytes 6/16/2011 21:51:31
VBASE031.VDF : 7.11.10.5 45056 Bytes 6/17/2011 16:49:39
Engineversion : 8.2.5.20
AEVDF.DLL : 8.1.2.1 106868 Bytes 4/21/2011 11:53:28
AESCRIPT.DLL : 8.1.3.65 1606010 Bytes 6/16/2011 04:54:00
AESCN.DLL : 8.1.7.2 127349 Bytes 4/21/2011 11:53:27
AESBX.DLL : 8.2.1.34 323957 Bytes 6/16/2011 04:54:00
AERDL.DLL : 8.1.9.9 639347 Bytes 6/17/2011 16:36:10
AEPACK.DLL : 8.2.6.9 557429 Bytes 6/16/2011 04:54:00
AEOFFICE.DLL : 8.1.1.25 205178 Bytes 6/16/2011 04:54:00
AEHEUR.DLL : 8.1.2.128 3547512 Bytes 6/16/2011 04:54:00
AEHELP.DLL : 8.1.17.2 246135 Bytes 6/16/2011 04:54:00
AEGEN.DLL : 8.1.5.6 401780 Bytes 6/16/2011 04:54:00
AEEMU.DLL : 8.1.3.0 393589 Bytes 4/21/2011 11:53:14
AECORE.DLL : 8.1.21.1 196983 Bytes 6/16/2011 04:54:00
AEBB.DLL : 8.1.1.0 53618 Bytes 4/21/2011 11:53:14
AVWINLL.DLL : 10.0.0.0 19304 Bytes 4/21/2011 11:53:36
AVPREF.DLL : 10.0.0.0 44904 Bytes 6/17/2011 16:36:20
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2011 16:36:20
AVREG.DLL : 10.0.3.2 53096 Bytes 6/17/2011 16:36:20
AVSCPLR.DLL : 10.0.4.2 84840 Bytes 6/17/2011 16:36:21
AVARKT.DLL : 10.0.22.6 231784 Bytes 6/17/2011 16:36:13
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 6/17/2011 16:36:18
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 19:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 4/21/2011 11:53:36
NETNT.DLL : 10.0.0.0 11624 Bytes 4/21/2011 11:53:46
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 6/17/2011 16:37:06
RCTEXT.DLL : 10.0.58.0 97128 Bytes 6/17/2011 16:37:06

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Thursday, June 30, 2011 07:32

Starting search for hidden objects.

The scan of running processes will be started
Scan process 'wuauclt.exe' - '35' Module(s) have been scanned
Scan process 'svchost.exe' - '31' Module(s) have been scanned
Scan process 'vssvc.exe' - '50' Module(s) have been scanned
Scan process 'avscan.exe' - '82' Module(s) have been scanned
Scan process 'avscan.exe' - '30' Module(s) have been scanned
Scan process 'avcenter.exe' - '66' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'ymsgr_tray.exe' - '29' Module(s) have been scanned
Scan process 'iPodService.exe' - '33' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '65' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '30' Module(s) have been scanned
Scan process 'hpqSTE08.exe' - '55' Module(s) have been scanned
Scan process 'sidebar.exe' - '90' Module(s) have been scanned
Scan process 'soffice.bin' - '99' Module(s) have been scanned
Scan process 'svchost.exe' - '24' Module(s) have been scanned
Scan process 'soffice.exe' - '18' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '69' Module(s) have been scanned
Scan process 'googletalk.exe' - '81' Module(s) have been scanned
Scan process 'sidebar.exe' - '60' Module(s) have been scanned
Scan process 'AvastUI.exe' - '87' Module(s) have been scanned
Scan process 'avgnt.exe' - '54' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '75' Module(s) have been scanned
Scan process 'jusched.exe' - '23' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '17' Module(s) have been scanned
Scan process 'igfxpers.exe' - '23' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '28' Module(s) have been scanned
Scan process 'hkcmd.exe' - '23' Module(s) have been scanned
Scan process 'WerFault.exe' - '38' Module(s) have been scanned
Scan process 'YahooAUService.exe' - '72' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '36' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '61' Module(s) have been scanned
Scan process 'svchost.exe' - '8' Module(s) have been scanned
Scan process 'svchost.exe' - '50' Module(s) have been scanned
Scan process 'svchost.exe' - '43' Module(s) have been scanned
Scan process 'avshadow.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '34' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '49' Module(s) have been scanned
Scan process 'avguard.exe' - '66' Module(s) have been scanned
Scan process 'armsvc.exe' - '26' Module(s) have been scanned
Scan process 'taskeng.exe' - '83' Module(s) have been scanned
Scan process 'taskeng.exe' - '50' Module(s) have been scanned
Scan process 'Explorer.EXE' - '131' Module(s) have been scanned
Scan process 'svchost.exe' - '66' Module(s) have been scanned
Scan process 'Dwm.exe' - '27' Module(s) have been scanned
Scan process 'sched.exe' - '57' Module(s) have been scanned
Scan process 'spoolsv.exe' - '86' Module(s) have been scanned
Scan process 'AvastSvc.exe' - '98' Module(s) have been scanned
Scan process 'svchost.exe' - '95' Module(s) have been scanned
Scan process 'svchost.exe' - '88' Module(s) have been scanned
Scan process 'SLsvc.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '154' Module(s) have been scanned
Scan process 'svchost.exe' - '117' Module(s) have been scanned
Scan process 'svchost.exe' - '67' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'svchost.exe' - '48' Module(s) have been scanned
Scan process 'winlogon.exe' - '34' Module(s) have been scanned
Scan process 'lsm.exe' - '25' Module(s) have been scanned
Scan process 'lsass.exe' - '65' Module(s) have been scanned
Scan process 'services.exe' - '36' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'wininit.exe' - '29' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1630' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\ProgramData\iasdatastore32.exe
[DETECTION] Is the TR/Kazy.26487.4 Trojan
C:\Windows.old\Users\Melissa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\34b8f51-68af12ae
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Agent.DT Java virus
--> javax/AServers.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.DT Java virus
--> javax/Server1.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Agen.FE.1 Java virus
--> javax/Server2.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Agent.FE Java virus
C:\Windows.old\Users\Melissa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2d0009e1-780d894d
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus
--> Email.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.DU Java virus
--> ExecService.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.DR.4 Java virus
C:\Windows.old\Users\Melissa\Desktop\FrostWire\Saved\holler back including keygen by team Black_X.zip
[0] Archive type: ZIP
[DETECTION] Is the TR/Dropper.Gen Trojan
--> keygen.from.Black.X/keygen.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
--> setup.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
Begin scan in 'D:\' <HP_RECOVERY>

Beginning disinfection:
C:\Windows.old\Users\Melissa\Desktop\FrostWire\Saved\holler back including keygen by team Black_X.zip
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4b4e2e60.qua'.
C:\Windows.old\Users\Melissa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\2d0009e1-780d894d
[DETECTION] Contains recognition pattern of the JAVA/Agent.DR.4 Java virus
[NOTE] The file was moved to the quarantine directory under the name '539d01bc.qua'.
C:\Windows.old\Users\Melissa\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\34b8f51-68af12ae
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Agent.FE Java virus
[NOTE] The file was moved to the quarantine directory under the name '01905b64.qua'.
C:\ProgramData\iasdatastore32.exe
[DETECTION] Is the TR/Kazy.26487.4 Trojan
[NOTE] The file was moved to the quarantine directory under the name '67b6149b.qua'.


End of the scan: Thursday, June 30, 2011 10:38
Used time: 3:03:17 Hour(s)

The scan has been done completely.

57216 Scanned directories
1294203 Files were scanned
8 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
4 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
1294195 Files not concerned
7760 Archives were scanned
0 Warnings
4 Notes
750939 Objects were scanned with rootkit scan
0 Hidden objects were found
 