Browser Redirect


11 replies to this topic

#1 Wolfgang1756


Posted 03 July 2010 - 09:34 AM

First post here - and thank you for this terrific site. Running XP and IE8. I have had no Virus Protection Software for years with no issues but recently developed a browser redirect problem. Loaded Firefox as well, and have had same problem. Developed AV Security Suite problem (probably through redirect situation) but was able to remove AV with the help of your site (Malwarebytes Anti Malware Software did the trick - thank you!). However, still have the redirect problem. Continued reading Bleeping Computer and tried Spybot S&D (which seemed to have solved the problem, but it came back). Then I loaded and ran ATF Cleaner and Super Anti Spyware per directions from this site. SAS found and corrected a lot of "problems" and running it again has found 0 problems. However, I still have the redirect problem. I should point out that every time I run Spybot, it ALWAYS finds a few "problems". I "fix" those problems, but they always come back and I continue to have the Redirect problem. The "problems" Spybot finds are usually defined as follows:
"Blue Streak", "Double Click", "Fast Click", "Media Plex", and "Right Media". What should I do next? Thank you so very much for your help.

Edited by Blade Zephon, 03 July 2010 - 09:36 AM.
Moved from XP to AII. ~BZ



#2 boopme


Posted 03 July 2010 - 11:24 PM

Hello, what is the operating system and Antivirus?
Please post a log from MBAM and SAS that shows what infections were here.
Is this happening with only Google or your browser or both and what are they?

Please do an Online scan...
ESET
Please perform a scan with Eset Online Antivirus Scanner.
(Requires Internet Explorer to work. If given the option, choose "Quarantine" instead of delete.)
Vista users need to run Internet Explorer as Administrator. Right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Click the green ESET Online Scanner button.
  • Read the End User License Agreement and check the box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.
  • A new window will appear asking "Do you want to install this software?".
  • Answer Yes to download and install the ActiveX controls that allow the scan to run.
  • Click Start.
  • Check Remove found threats and Scan potentially unwanted applications.
  • Click Scan to start. (please be patient as the scan could take some time to complete)
  • If offered the option to get information or buy software, just close the window.
  • When the scan has finished, a log.txt file will be created and automatically saved in the C:\Program Files\ESET\ESET Online Scanner\log.txt folder.
  • Click Start > Run..., then copy and paste this command into the open box: C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • The scan results will open in Notepad. Copy and paste the contents of log.txt in your next reply.
Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 Wolfgang1756


Posted 04 July 2010 - 10:05 AM

Thank you again, and here are answers to your questions:

1) Have no Antivirus software (never had any, and am unsure what to do next - free or buy - and wait for your recommendation)
2) Running Windows XP
3) Have removed serious problems (AV Security Suite, etc) with Malwarebytes. However, I should point out that the Browser redirect problem just won't go away. Ironically, after I posted yesterday, my wife used the computer, was redirected to a malicious site, and it loaded another serious problem last night and I was able to remove it again with Malwarebytes. The log taken after the removal last night is listed below.
4) My browser is Internet Explorer 8 and I also recently loaded Firefox. When I use the Search Engine on my Yahoo home page on IE8 and select a searched entry, I get redirected. If I use Firefox with default Google page for searching, I also get redirected (noting that when I loaded Firefox recently I inadvertently loaded my favorites, etc. from IE8). HOWEVER, ONE IMPORTANT NOTE is that when I use IE8 and go to www.google.com and use the Search Engine on Google that way, I don't get redirected!
5) I ran ESET Online Scanner per your recommendation, but it showed no problems (therefore there was no log).
6) I'm also attaching SAS log below per your request. Both Spybot and SAS found more "problems".

Here is MBAM log from yesterday:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4245

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

7/3/2010 11:09:54 PM
mbam-log-2010-07-03 (23-09-54).txt

Scan type: Full scan (C:\|)
Objects scanned: 199232
Time elapsed: 37 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Sysinternals Antivirus (Rogue.SysinternalsAntivirus) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Dawn\Local Settings\Temp\0.5093933770310447.exe (Rogue.SysinternalsAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dawn\Local Settings\Temp\win55.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dawn\Local Settings\Temporary Internet Files\Content.IE5\7THHFW6Q\update[1].exe (Rogue.SysinternalsAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\Sysinternals Antivirus\Sysinternals Antivirus.exe (Rogue.SysinternalsAntivirus) -> Quarantined and deleted successfully.
C:\Program Files\wpp.exe (Rogue.AKMAntivirus) -> Quarantined and deleted successfully.


I don't know how to get the log from SAS. However, when I open the program, under "Manage Quarantined Items", it shows the following quarantined files:

Quarantined on 7/2:

Adware.Flash Tracking Cookie
Adware.Tracking Cookie
Adware.Zango Toolbar/Hg
Malware.Installer-Pkg/Gen
Malware.Trace
Rogue.AntivirusSoft

Quarantined on 7/4:

Adware.Tracking Cookie
Rogue.YourPCProtector

What should I do next? Thanks very much.

#4 boopme


Posted 04 July 2010 - 10:47 AM

Hello, First install this free AV. Scan and post that log.
Avira Antivir


For future reference.
To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.


Please ask any needed questions, post logs and let us know how the PC is running now.

#5 Wolfgang1756


Posted 05 July 2010 - 08:54 AM

OK. I downloaded and ran Avira Antivir. I loaded just regular version (even though they offered "Premium Version" at no charge - Hope this was right). I then ran MBAM and then SAS again. Although SAS and Avira did find and correct problems, when I was all done, I STILL HAD THE REDIRECT PROBLEM.

MBAM CAME UP WITH NOTHING AS FOLLOWS (7/5 scan):

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4277

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/5/2010 8:45:28 AM
mbam-log-2010-07-05 (08-45-28).txt

Scan type: Quick scan
Objects scanned: 137913
Time elapsed: 10 minute(s), 27 second(s)

FINALLY, YOU ASKED FOR THE SAS LOG. THIS DID FIND PROBLEMS AGAIN. HERE'S THE LATEST LOG:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/05/2010 at 09:29 AM

Application Version : 4.40.1002

Core Rules Database Version : 5147
Trace Rules Database Version: 2959

Scan type : Quick Scan
Total Scan Time : 00:31:58

Memory items scanned : 485
Memory threats detected : 0
Registry items scanned : 1421
Registry threats detected : 0
File items scanned : 26915
File threats detected : 19

Adware.Tracking Cookie
C:\Documents and Settings\Dawn\Cookies\dawn@adinterax[1].txt
C:\Documents and Settings\Dawn\Cookies\dawn@andomedia[1].txt
C:\Documents and Settings\Dawn\Cookies\dawn@ad.yieldmanager[2].txt
C:\Documents and Settings\Dawn\Cookies\dawn@stat.onestat[2].txt
C:\Documents and Settings\Dawn\Cookies\dawn@atdmt[1].txt
C:\Documents and Settings\Dawn\Cookies\dawn@content.yieldmanager[2].txt
C:\Documents and Settings\Dawn\Cookies\dawn@fastclick[2].txt
C:\Documents and Settings\Dawn\Cookies\dawn@doubleclick[1].txt
C:\Documents and Settings\Dawn\Cookies\dawn@invitemedia[2].txt
C:\Documents and Settings\Dawn\Cookies\dawn@a1.interclick[2].txt
C:\Documents and Settings\Dawn\Cookies\dawn@zedo[2].txt
C:\Documents and Settings\Dawn\Cookies\dawn@apmebf[1].txt
C:\Documents and Settings\Dawn\Cookies\dawn@bs.serving-sys[1].txt
C:\Documents and Settings\Dawn\Cookies\dawn@content.yieldmanager[3].txt
C:\Documents and Settings\Dawn\Cookies\dawn@adbrite[1].txt
C:\Documents and Settings\Dawn\Cookies\dawn@interclick[2].txt
C:\Documents and Settings\Dawn\Cookies\dawn@imrworldwide[2].txt
C:\Documents and Settings\Dawn\Cookies\dawn@ad.wsod[2].txt
C:\Documents and Settings\Dawn\Cookies\dawn@serving-sys[1].txt

ONCE AGAIN, THANK YOU VERY MUCH FOR YOUR HELP. I STILL HAVE THE REDIRECT PROBLEM - BUT ONLY FROM MY YAHOO SEARCH ENGINE AND FIREFOX HOME PAGES. WHEN I OPEN WWW.GOOGLE.COM AND SEARCH, I DON'T HAVE THE REDIRECT PROBLEM. EVERYTHING ELSE IS OK RIGHT NOW, HOWEVER, THE REDIRECT IS OBVIOUSLY TAKING US TO MALICIOUS SITES WHICH CAN CAUSE OTHER PROBLEMS. WHAT NEXT?

4)

Avira AntiVir Personal
Report file date: Monday, July 05, 2010 09:07

Scanning for 2292946 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : DHFMSZ81

Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 17:37:38
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 17:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 3/7/2010 23:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 00:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 22:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 21:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 16:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 12:27:49
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 12:27:57
VBASE007.VDF : 7.10.7.219 2048 Bytes 6/2/2010 12:27:58
VBASE008.VDF : 7.10.7.220 2048 Bytes 6/2/2010 12:27:58
VBASE009.VDF : 7.10.7.221 2048 Bytes 6/2/2010 12:27:58
VBASE010.VDF : 7.10.7.222 2048 Bytes 6/2/2010 12:27:58
VBASE011.VDF : 7.10.7.223 2048 Bytes 6/2/2010 12:27:58
VBASE012.VDF : 7.10.7.224 2048 Bytes 6/2/2010 12:27:58
VBASE013.VDF : 7.10.8.37 270336 Bytes 6/10/2010 12:28:00
VBASE014.VDF : 7.10.8.69 138752 Bytes 6/14/2010 12:28:01
VBASE015.VDF : 7.10.8.102 130560 Bytes 6/16/2010 12:28:02
VBASE016.VDF : 7.10.8.135 152064 Bytes 6/21/2010 12:28:03
VBASE017.VDF : 7.10.8.163 432128 Bytes 6/23/2010 12:28:06
VBASE018.VDF : 7.10.8.194 133632 Bytes 6/27/2010 12:28:07
VBASE019.VDF : 7.10.8.220 134656 Bytes 6/29/2010 12:28:08
VBASE020.VDF : 7.10.8.252 171520 Bytes 7/4/2010 12:28:09
VBASE021.VDF : 7.10.8.253 2048 Bytes 7/4/2010 12:28:09
VBASE022.VDF : 7.10.8.254 2048 Bytes 7/4/2010 12:28:09
VBASE023.VDF : 7.10.8.255 2048 Bytes 7/4/2010 12:28:09
VBASE024.VDF : 7.10.9.0 2048 Bytes 7/4/2010 12:28:09
VBASE025.VDF : 7.10.9.1 2048 Bytes 7/4/2010 12:28:10
VBASE026.VDF : 7.10.9.2 2048 Bytes 7/4/2010 12:28:10
VBASE027.VDF : 7.10.9.3 2048 Bytes 7/4/2010 12:28:10
VBASE028.VDF : 7.10.9.4 2048 Bytes 7/4/2010 12:28:10
VBASE029.VDF : 7.10.9.5 2048 Bytes 7/4/2010 12:28:10
VBASE030.VDF : 7.10.9.6 2048 Bytes 7/4/2010 12:28:10
VBASE031.VDF : 7.10.9.8 10752 Bytes 7/5/2010 12:28:11
Engineversion : 8.2.4.2
AEVDF.DLL : 8.1.2.0 106868 Bytes 7/5/2010 12:28:29
AESCRIPT.DLL : 8.1.3.33 1356155 Bytes 7/5/2010 12:28:29
AESCN.DLL : 8.1.6.1 127347 Bytes 7/5/2010 12:28:26
AESBX.DLL : 8.1.3.1 254324 Bytes 7/5/2010 12:28:31
AERDL.DLL : 8.1.4.6 541043 Bytes 7/5/2010 12:28:26
AEPACK.DLL : 8.2.2.5 430453 Bytes 7/5/2010 12:28:24
AEOFFICE.DLL : 8.1.1.0 201081 Bytes 7/5/2010 12:28:23
AEHEUR.DLL : 8.1.1.38 2724214 Bytes 7/5/2010 12:28:22
AEHELP.DLL : 8.1.11.6 242038 Bytes 7/5/2010 12:28:16
AEGEN.DLL : 8.1.3.12 377204 Bytes 7/5/2010 12:28:16
AEEMU.DLL : 8.1.2.0 393588 Bytes 7/5/2010 12:28:14
AECORE.DLL : 8.1.15.3 192886 Bytes 7/5/2010 12:28:13
AEBB.DLL : 8.1.1.0 53618 Bytes 7/5/2010 12:28:12
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 17:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 17:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 21:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 17:35:46
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 17:39:51
AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 17:22:13
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 14:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 17:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 20:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 19:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 18:10:20
RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 19:14:29

Configuration settings for the scan:
Jobname.............................: avguard_async_scan
Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_f2b87748\guard_slideup.avp
Logging.............................: low
Primary action......................: repair
Secondary action....................: quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: high

Start of the scan: Monday, July 05, 2010 09:07

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'CreativeLicensing.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'YahooAUService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehRecvr.exe' - '1' Module(s) have been scanned
Scan process 'crypserv.exe' - '1' Module(s) have been scanned
Scan process 'CTsvcCDA.EXE' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'WMP11CFG.exe' - '1' Module(s) have been scanned
Scan process 'SUPERAntiSpyware.exe' - '1' Module(s) have been scanned
Scan process 'isuspm.exe' - '1' Module(s) have been scanned
Scan process 'clclean.0001' - '1' Module(s) have been scanned
Scan process 'PPWebCap.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'CTDetect.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'QTTask.exe' - '1' Module(s) have been scanned
Scan process 'SearchProtection.exe' - '1' Module(s) have been scanned
Scan process 'tfswctrl.exe' - '1' Module(s) have been scanned
Scan process 'ONETOU~2.EXE' - '1' Module(s) have been scanned
Scan process 'MediaDetect.exe' - '1' Module(s) have been scanned
Scan process 'Rundll32.exe' - '1' Module(s) have been scanned
Scan process 'CTSysVol.exe' - '1' Module(s) have been scanned
Scan process 'DVDLauncher.exe' - '1' Module(s) have been scanned
Scan process 'IntelMEM.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Dawn\Application Data\Sun\Java\Deployment\cache\6.0\33\1d21a021-18b9e324'
C:\Documents and Settings\Dawn\Application Data\Sun\Java\Deployment\cache\6.0\33\1d21a021-18b9e324
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.2 Java virus
--> BlackBox.class
[DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.2 Java virus
--> VerifierBug.class
[DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.4 Java virus
--> Dummy.class
[DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.3 Java virus
--> Beyond.class
[DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.1 Java virus
[NOTE] The file was moved to the quarantine directory under the name '4e6678ec.qua'.


End of the scan: Monday, July 05, 2010 09:07
Used time: 00:28 Minute(s)

The scan has been done completely.

0 Scanned directories
62 Files were scanned
5 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
57 Files not concerned
1 Archives were scanned
0 Warnings
1 Notes


The scan results will be transferred to the Guard.

3)

Avira AntiVir Personal
Report file date: Monday, July 05, 2010 09:05

Scanning for 2292946 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : DHFMSZ81


Start of the scan: Monday, July 05, 2010 09:05


Starting the file scan:

Begin scan in 'C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinFraudLoadpc2.zip'
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinFraudLoadpc2.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to the quarantine directory under the name '4e9a7875.qua'.


End of the scan: Monday, July 05, 2010 09:05
Used time: 00:37 Minute(s)

The scan has been done completely.

0 Scanned directories
59 Files were scanned
0 Viruses and/or unwanted programs were found
1 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
58 Files not concerned
1 Archives were scanned
0 Warnings
1 Notes


The scan results will be transferred to the Guard.


2)


Avira AntiVir Personal
Report file date: Monday, July 05, 2010 08:51

Scanning for 2292946 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : DHFMSZ81

Configuration settings for the scan:
Jobname.............................: avguard_async_scan
Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_f2b87748\guard_slideup.avp
Logging.............................: low
Primary action......................: repair
Secondary action....................: quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: high

Start of the scan: Monday, July 05, 2010 08:51

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Dawn\Local Settings\Temporary Internet Files\Content.IE5\7THHFW6Q\index[4].htm'
C:\Documents and Settings\Dawn\Local Settings\Temporary Internet Files\Content.IE5\7THHFW6Q\index[4].htm
[DETECTION] Contains recognition pattern of the JS/Agent.13838 Java script virus
[NOTE] The file was moved to the quarantine directory under the name '4e9074a1.qua'.


End of the scan: Monday, July 05, 2010 08:51
Used time: 00:16 Minute(s)

The scan has been done completely.

0 Scanned directories
57 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
56 Files not concerned
0 Archives were scanned
0 Warnings
1 Notes


The scan results will be transferred to the Guard.


Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

PLEASE NOTE THAT WHEN I FIRST RAN AVIRA, IT CAME UP CLEAN. THEN I RERAN MBAM. WHILE I RAN MBAM, AVIRA POPPED UP AND NOTIFIED ME OF FOUR PROBLEMS IN A ROW THAT I THEN 'REMOVED'. ALTHOUGH THE FIRST SCAN WAS CLEAN, HERE ARE THE LOGS OF THE FOUR PROBLEMS THAT FOLLOWED:

1)


Avira AntiVir Personal
Report file date: Monday, July 05, 2010 08:49

Scanning for 2292946 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : DHFMSZ81

Configuration settings for the scan:
Jobname.............................: avguard_async_scan
Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_f2b87748\guard_slideup.avp
Logging.............................: low
Primary action......................: repair
Secondary action....................: quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: high

Start of the scan: Monday, July 05, 2010 08:49

Starting the file scan:

Begin scan in 'C:\Documents and Settings\Dawn\Local Settings\Temporary Internet Files\Content.IE5\7THHFW6Q\fa[1].htm'
C:\Documents and Settings\Dawn\Local Settings\Temporary Internet Files\Content.IE5\7THHFW6Q\fa[1].htm
[DETECTION] Contains recognition pattern of the HTML/FakeAlert.lok HTML script virus
[NOTE] The file was moved to the quarantine directory under the name '4e89742e.qua'.


End of the scan: Monday, July 05, 2010 08:49
Used time: 00:20 Minute(s)

The scan has been done completely.

0 Scanned directories
57 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
56 Files not concerned
0 Archives were scanned
0 Warnings
1 Notes


The scan results will be transferred to the Guard.

#6 boopme

Posted 05 July 2010 - 12:21 PM

Hi, run McAfee FakeAlert Stinger

Update and scan with Avira.

#7 Wolfgang1756

Posted 05 July 2010 - 06:16 PM

Hi and thanks again. I did download and run McAfee FakeAlert Stinger. Not sure how to get the log, but it did apparently flush out a bunch of things. Then I ran Avira again and it also found a lot. Here is the log:



Avira AntiVir Personal
Report file date: Monday, July 05, 2010 16:38

Scanning for 2295760 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : DHFMSZ81

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Monday, July 05, 2010 16:38

Starting search for hidden objects.

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1769' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\Dawn\Application Data\Sun\Java\Deployment\cache\6.0\14\42b0bb4e-7ce55dbc
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Agent.O.2 Java virus
--> C.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.O.2 Java virus
--> F.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.P.1 Java virus
--> Google.class
[DETECTION] Is the TR/Exploit.Agent.F Trojan
C:\Documents and Settings\Dawn\Application Data\Sun\Java\Deployment\cache\6.0\19\623d3213-535347df
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/ClassLoader.AE Java virus
--> JavaFX.class
[DETECTION] Contains recognition pattern of the JAVA/ClassLoader.AE Java virus
--> JavaFXColor.class
[DETECTION] Contains recognition pattern of the JAVA/ClassLoader.AF Java virus
--> JavaFXTrueColor.class
[DETECTION] Contains recognition pattern of the JAVA/ClassLoader.AG Java virus
C:\Documents and Settings\Dawn\Application Data\Sun\Java\Deployment\cache\6.0\34\11da5462-590ce39b
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/ClassLoader.AI Java virus
--> quote/Mailvue.class
[DETECTION] Contains recognition pattern of the JAVA/ClassLoader.AI Java virus
--> quote/Skypeqd.class
[DETECTION] Contains recognition pattern of the JAVA/ClassLoader.AL Java virus
--> quote/Twitters.class
[DETECTION] Contains recognition pattern of the JAVA/ClassLoader.AM Java virus
C:\Documents and Settings\Dawn\Application Data\Sun\Java\Deployment\cache\6.0\46\6e1077ae-2f3b70f2
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Age.3053 Java virus
--> sunny/MyBuilds.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Age.3053 Java virus
--> sunny/MyFiles.class
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Age.3159 Java virus
C:\Documents and Settings\Dawn\Application Data\Sun\Java\Deployment\cache\6.0\47\2d38e76f-5bae8911
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the JAVA/Agent.em.1 Java virus
--> dev/s/Bavarian.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.em.1 Java virus
--> dev/s/Saxonia.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.em.2 Java virus
--> dev/s/Silezia.class
[DETECTION] Contains recognition pattern of the JAVA/Agent.em.3 Java virus
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1557\A0062740.exe
[DETECTION] Contains recognition pattern of the ADSPY/BetterInternet.YC adware or spyware

Beginning disinfection:
C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1557\A0062740.exe
[DETECTION] Contains recognition pattern of the ADSPY/BetterInternet.YC adware or spyware
[NOTE] The file was moved to the quarantine directory under the name '4630e95a.qua'.
C:\Documents and Settings\Dawn\Application Data\Sun\Java\Deployment\cache\6.0\47\2d38e76f-5bae8911
[DETECTION] Contains recognition pattern of the JAVA/Agent.em.3 Java virus
[NOTE] The file was moved to the quarantine directory under the name '5ea0c531.qua'.
C:\Documents and Settings\Dawn\Application Data\Sun\Java\Deployment\cache\6.0\46\6e1077ae-2f3b70f2
[DETECTION] Contains recognition pattern of the JAVA/Dldr.Age.3159 Java virus
[NOTE] The file was moved to the quarantine directory under the name '0cf99fda.qua'.
C:\Documents and Settings\Dawn\Application Data\Sun\Java\Deployment\cache\6.0\34\11da5462-590ce39b
[DETECTION] Contains recognition pattern of the JAVA/ClassLoader.AM Java virus
[NOTE] The file was moved to the quarantine directory under the name '6a3bd3d4.qua'.
C:\Documents and Settings\Dawn\Application Data\Sun\Java\Deployment\cache\6.0\19\623d3213-535347df
[DETECTION] Contains recognition pattern of the JAVA/ClassLoader.AG Java virus
[NOTE] The file was moved to the quarantine directory under the name '2f4cfeeb.qua'.
C:\Documents and Settings\Dawn\Application Data\Sun\Java\Deployment\cache\6.0\14\42b0bb4e-7ce55dbc
[DETECTION] Is the TR/Exploit.Agent.F Trojan
[NOTE] The file was moved to the quarantine directory under the name '50a6cc8a.qua'.


End of the scan: Monday, July 05, 2010 17:24
Used time: 45:41 Minute(s)

The scan has been done completely.

10791 Scanned directories
342674 Files were scanned
15 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
6 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
342659 Files not concerned
3561 Archives were scanned
0 Warnings
6 Notes
352658 Objects were scanned with rootkit scan
0 Hidden objects were found

UNFORTUNATELY, I am still being redirected from my Yahoo Search Engine on my Home Page. Once again, I don't have this problem when I go to www.google.com. What do you think I should try next? Scan with McAfee FakeAlert Stinger and Avira again? Thank you so much for your continued help.

#8 boopme

Posted 05 July 2010 - 07:11 PM

Hello again, What version of JAVA is running?
Go into Control Panel>Add Remove Programs. Be sure the 'Show Updates' box is checked. Go down the list and tell me what Java applications are installed and their version. (Highlight the program to see this).

Next, run TDSSKiller.
Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (or hold down your Windows key and press R) and copy and paste the following into the text field (make sure you include the quote marks), then press OK. (If Vista, click on the Vista Orb and copy and paste the following into the Search field (make sure you include the quotation marks), then press Ctrl+Shift+Enter.)


    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • It may ask you to reboot the computer to complete the process. Allow it to do so.
  • When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file here.


#9 Wolfgang1756

Posted 06 July 2010 - 07:19 PM

First of all, I can't thank you enough for all of your help. It appears as if the TDSSKiller did the trick. Neither my IE8 Yahoo Home Page nor my Firefox are redirecting anymore. It appears that everything is working great. I'm going to post the log from the program per your request; however, I just wanted to ask you if the Avira Antivir is good enough protection right now, or should I do anything else? Here are the Java Applications installed:

- J2SE Runtime Environment 5.0 Update 6
- J2SE Runtime Environment 5.0 Update 9
- Java 2 Runtime Environment, SE v./4.2_03
- Java ™ 6 Update 11
- Java ™ 6 Update 2
- Java ™ 6 Update 3
- Java ™ 6 Update 5
- Java SE Runtime Environment 6 Update 1

BY THE WAY, in the last week or so, I did receive a couple of txt files relative to Java loaded to my desktop. I'll post them here. Assume the problem I had was affecting Java?

#
# An unexpected error has been detected by Java Runtime Environment:
#
# EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x0304d852, pid=1476, tid=2696
#
# Java VM: Java HotSpot™ Client VM (11.0-b16 mixed mode, sharing windows-x86)
# Problematic frame:
# C 0x0304d852
#
# If you would like to submit a bug report, please visit:
# http://java.sun.com/webapps/bugreport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#

--------------- T H R E A D ---------------

Current thread (0x03089400): JavaThread "thread applet-Google-1" [_thread_in_native, id=2696, stack(0x032c0000,0x03310000)]

siginfo: ExceptionCode=0xc0000005, reading address 0xffffffff

Registers:
EAX=0xffffffff, EBX=0x26c139f0, ECX=0x031ce0f8, EDX=0x000000ac
ESP=0x0330f76c, EBP=0x255a255b, ESI=0x26c139f0, EDI=0x03089400
EIP=0x0304d852, EFLAGS=0x00210213

Top of Stack: (sp=0x0330f76c)
0x0330f76c: 03040023 0304d864 0330f774 26c139f0
0x0330f77c: 0330f7a8 26c140b8 00000000 26c139f0
0x0330f78c: 00000000 0330f7a4 0330f7d0 00992e83
0x0330f79c: 00000000 00998189 2312a5e0 22995550
0x0330f7ac: 22995550 0330f7b0 26c1394f 0330f7e0
0x0330f7bc: 26c140b8 00000000 26c13970 0330f7a4
0x0330f7cc: 0330f7dc 0330f804 00992da1 229a01d8
0x0330f7dc: 2312a5e0 22995550 0330f7e4 26c12ef9

Instructions: (pc=0x0304d852)
0x0304d842: 18 2b f0 39 c1 26 68 8d 17 2b 48 0a 17 2b e8 06
0x0304d852: 9a 22 00 27 76 2b b0 ac 17 2b 68 8d 17 2b 40 81


Stack: [0x032c0000,0x03310000], sp=0x0330f76c, free space=317k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C 0x0304d852

Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j com.sun.media.sound.HeadspaceSoundbank.nOpenResource(Ljava/lang/String;)J+0
j com.sun.media.sound.HeadspaceSoundbank.initialize(Ljava/lang/String;)V+7
j com.sun.media.sound.HeadspaceSoundbank.<init>(Ljava/net/URL;)V+89
j com.sun.media.sound.HsbParser.getSoundbank(Ljava/net/URL;)Ljavax/sound/midi/Soundbank;+5
j javax.sound.midi.MidiSystem.getSoundbank(Ljava/net/URL;)Ljavax/sound/midi/Soundbank;+36
j C.init(Ljava/net/URL;)V+27
j Google.init()V+810
j sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run()V+837
j java.lang.Thread.run()V+11
v ~StubRoutines::call_stub

--------------- P R O C E S S ---------------

Java Threads: ( => current thread )
0x0306c800 JavaThread "Timer-2" [_thread_blocked, id=3848, stack(0x03510000,0x03560000)]
0x0309cc00 JavaThread "Java Sound Event Dispatcher" daemon [_thread_blocked, id=3008, stack(0x04780000,0x047d0000)]
=>0x03089400 JavaThread "thread applet-Google-1" [_thread_in_native, id=2696, stack(0x032c0000,0x03310000)]
0x03069800 JavaThread "Browser Side Object Cleanup Thread" [_thread_blocked, id=3876, stack(0x04580000,0x045d0000)]
0x03064400 JavaThread "Windows Tray Icon Thread" [_thread_in_native, id=2588, stack(0x036a0000,0x036f0000)]
0x0305fc00 JavaThread "CacheCleanUpThread" daemon [_thread_blocked, id=4020, stack(0x03650000,0x036a0000)]
0x03071c00 JavaThread "CacheMemoryCleanUpThread" daemon [_thread_blocked, id=2920, stack(0x03600000,0x03650000)]
0x03033000 JavaThread "Java Plug-In Heartbeat Thread" [_thread_blocked, id=1752, stack(0x035b0000,0x03600000)]
0x03047c00 JavaThread "AWT-Windows" daemon [_thread_in_native, id=3576, stack(0x03460000,0x034b0000)]
0x03045000 JavaThread "Java2D Disposer" daemon [_thread_blocked, id=2040, stack(0x033c0000,0x03410000)]
0x0303d400 JavaThread "Java Plug-In Pipe Worker Thread (Client-Side)" [_thread_in_native, id=2276, stack(0x03310000,0x03360000)]
0x02bc8000 JavaThread "traceMsgQueueThread" daemon [_thread_blocked, id=792, stack(0x03230000,0x03280000)]
0x02bc5800 JavaThread "Timer-0" [_thread_blocked, id=2964, stack(0x02fe0000,0x03030000)]
0x02b01400 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=2860, stack(0x02db0000,0x02e00000)]
0x02afb800 JavaThread "CompilerThread0" daemon [_thread_blocked, id=3340, stack(0x02d60000,0x02db0000)]
0x02af9c00 JavaThread "Attach Listener" daemon [_thread_blocked, id=3668, stack(0x02d10000,0x02d60000)]
0x02af8800 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=644, stack(0x02cc0000,0x02d10000)]
0x02af0800 JavaThread "Finalizer" daemon [_thread_blocked, id=196, stack(0x02c70000,0x02cc0000)]
0x02aef000 JavaThread "Reference Handler" daemon [_thread_blocked, id=816, stack(0x02c20000,0x02c70000)]
0x00886800 JavaThread "main" [_thread_in_native, id=3932, stack(0x00910000,0x00960000)]

Other Threads:
0x02aed800 VMThread [stack: 0x02bd0000,0x02c20000] [id=3752]
0x02b03800 WatcherThread [stack: 0x02e00000,0x02e50000] [id=1836]

VM state:not at safepoint (normal execution)

VM Mutex/Monitor currently owned by a thread: None

Heap
def new generation total 3200K, used 532K [0x22970000, 0x22ce0000, 0x22e50000)
eden space 2880K, 15% used [0x22970000, 0x229e25a8, 0x22c40000)
from space 320K, 23% used [0x22c90000, 0x22ca2db8, 0x22ce0000)
to space 320K, 0% used [0x22c40000, 0x22c40000, 0x22c90000)
tenured generation total 53108K, used 52110K [0x22e50000, 0x2622d000, 0x26970000)
the space 53108K, 98% used [0x22e50000, 0x261338b0, 0x26133a00, 0x2622d000)
compacting perm gen total 12288K, used 2839K [0x26970000, 0x27570000, 0x2a970000)
the space 12288K, 23% used [0x26970000, 0x26c35c90, 0x26c35e00, 0x27570000)
ro space 8192K, 63% used [0x2a970000, 0x2ae83ae8, 0x2ae83c00, 0x2b170000)
rw space 12288K, 53% used [0x2b170000, 0x2b7d83f8, 0x2b7d8400, 0x2bd70000)


VM Arguments:
jvm_args: -D__jvm_launched=866020301031 -Xbootclasspath/a:C:\PROGRA~1\Java\jre6\lib\deploy.jar;C:\PROGRA~1\Java\jre6\lib\javaws.jar;C:\PROGRA~1\Java\jre6\lib\plugin.jar
java_command: sun.plugin2.main.client.PluginMain write_pipe_name=jpi2_pid1508_pipe4,read_pipe_name=jpi2_pid1508_pipe3
Launcher Type: SUN_STANDARD

Environment Variables:
PATH=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
USERNAME=Dawn
OS=Windows_NT
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel



--------------- S Y S T E M ---------------

OS: Windows XP Build 2600 Service Pack 3

CPU:total 2 (1 cores per cpu, 2 threads per core) family 15 model 4 stepping 9, cmov, cx8, fxsr, mmx, sse, sse2, sse3, ht

Memory: 4k page, physical 514124k(12820k free), swap 1255664k(583900k free)

vm_info: Java HotSpot™ Client VM (11.0-b16) for windows-x86 JRE (1.6.0_11-b03), built on Nov 10 2008 02:15:12 by "java_re" with MS VC++ 7.1

time: Sun May 23 19:22:47 2010
elapsed time: 29 seconds

HERE's THE SECOND ONE:

#
# An unexpected error has been detected by Java Runtime Environment:
#
# EXCEPTION_PRIV_INSTRUCTION (0xc0000096) at pc=0x25626520, pid=3236, tid=1216
#
# Java VM: Java HotSpot™ Client VM (11.0-b16 mixed mode, sharing windows-x86)
# Problematic frame:
# C 0x25626520
#
# If you would like to submit a bug report, please visit:
# http://java.sun.com/webapps/bugreport/crash.jsp
# The crash happened outside the Java Virtual Machine in native code.
# See problematic frame for where to report the bug.
#

--------------- T H R E A D ---------------

Current thread (0x03183000): JavaThread "thread applet-dev.s.Saxonia-1" [_thread_in_native, id=1216, stack(0x04770000,0x047c0000)]

siginfo: ExceptionCode=0xc0000096

Registers:
EAX=0x7c862501, EBX=0x7c808cf3, ECX=0x00000008, EDX=0x25626453
ESP=0x047bfa2c, EBP=0xf83a8ad2, ESI=0x2562645b, EDI=0x2562642a
EIP=0x25626520, EFLAGS=0x00210a87

Top of Stack: (sp=0x047bfa2c)
0x047bfa2c: 3a707474 2562630f 03183000 001b1f2c
0x047bfa3c: 00200246 255a255a 03183000 26be8f98
0x047bfa4c: 00000000 031a0e18 26be8f98 00000000
0x047bfa5c: 0314d474 0314d48c 047bfa64 26be8f98
0x047bfa6c: 047bfa98 26be9660 00000000 26be8f98
0x047bfa7c: 00000000 047bfa94 047bfac0 00c12e83
0x047bfa8c: 00000000 00c18189 22a71010 22a7e720
0x047bfa9c: 22a7e720 047bfaa0 26be8ef7 047bfad0

Instructions: (pc=0x25626520)
0x25626510: 68 74 74 70 3a 2f 2f 74 75 69 6e 75 73 61 31 6d
0x25626520: 6f 65 2e 63 6f 6d 2f 77 77 2f 6c 2e 70 68 70 3f


Stack: [0x04770000,0x047c0000], sp=0x047bfa2c, free space=318k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C 0x25626520

Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j com.sun.media.sound.HeadspaceSoundbank.nOpenResource(Ljava/lang/String;)J+0
j com.sun.media.sound.HeadspaceSoundbank.initialize(Ljava/lang/String;)V+7
j com.sun.media.sound.HeadspaceSoundbank.<init>(Ljava/net/URL;)V+89
j com.sun.media.sound.HsbParser.getSoundbank(Ljava/net/URL;)Ljavax/sound/midi/Soundbank;+5
j javax.sound.midi.MidiSystem.getSoundbank(Ljava/net/URL;)Ljavax/sound/midi/Soundbank;+36
j dev.s.Saxonia.init()V+665
j sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run()V+837
j java.lang.Thread.run()V+11
v ~StubRoutines::call_stub

--------------- P R O C E S S ---------------

Java Threads: ( => current thread )
0x02d8e400 JavaThread "Java Sound Event Dispatcher" daemon [_thread_blocked, id=3920, stack(0x049f0000,0x04a40000)]
0x0317f400 JavaThread "Keep-Alive-Timer" daemon [_thread_blocked, id=3292, stack(0x046d0000,0x04720000)]
0x03198c00 JavaThread "Image Fetcher 3" daemon [_thread_blocked, id=3472, stack(0x04990000,0x049e0000)]
0x03197c00 JavaThread "Image Fetcher 2" daemon [_thread_blocked, id=952, stack(0x04940000,0x04990000)]
0x03195c00 JavaThread "Image Fetcher 1" daemon [_thread_blocked, id=3436, stack(0x048f0000,0x04940000)]
0x03195000 JavaThread "Image Fetcher 0" daemon [_thread_blocked, id=2388, stack(0x047c0000,0x04810000)]
0x0318b800 JavaThread "Thread-10" [_thread_blocked, id=2780, stack(0x048a0000,0x048f0000)]
=>0x03183000 JavaThread "thread applet-dev.s.Saxonia-1" [_thread_in_native, id=1216, stack(0x04770000,0x047c0000)]
0x0317a400 JavaThread "AWT-EventQueue-2" [_thread_blocked, id=2028, stack(0x04720000,0x04770000)]
0x0316d000 JavaThread "Applet 1 LiveConnect Worker Thread" [_thread_blocked, id=956, stack(0x03610000,0x03660000)]
0x0316c000 JavaThread "Browser Side Object Cleanup Thread" [_thread_blocked, id=1396, stack(0x04680000,0x046d0000)]
0x03168000 JavaThread "Windows Tray Icon Thread" [_thread_in_native, id=4060, stack(0x037a0000,0x037f0000)]
0x03165c00 JavaThread "CacheCleanUpThread" daemon [_thread_blocked, id=3696, stack(0x03750000,0x037a0000)]
0x03174c00 JavaThread "CacheMemoryCleanUpThread" daemon [_thread_blocked, id=2020, stack(0x03700000,0x03750000)]
0x03133000 JavaThread "Java Plug-In Heartbeat Thread" [_thread_blocked, id=1796, stack(0x033c0000,0x03410000)]
0x0314a800 JavaThread "AWT-EventQueue-0" [_thread_blocked, id=3096, stack(0x03660000,0x036b0000)]
0x03147c00 JavaThread "AWT-Windows" daemon [_thread_in_native, id=2504, stack(0x03560000,0x035b0000)]
0x03146400 JavaThread "AWT-Shutdown" [_thread_blocked, id=1968, stack(0x03510000,0x03560000)]
0x03141800 JavaThread "Java2D Disposer" daemon [_thread_blocked, id=3328, stack(0x034c0000,0x03510000)]
0x0313e000 JavaThread "Java Plug-In Pipe Worker Thread (Client-Side)" [_thread_in_native, id=1940, stack(0x03410000,0x03460000)]
0x02e48000 JavaThread "traceMsgQueueThread" daemon [_thread_blocked, id=3428, stack(0x03330000,0x03380000)]
0x02e45400 JavaThread "Timer-0" [_thread_blocked, id=2980, stack(0x030e0000,0x03130000)]
0x02d81400 JavaThread "Low Memory Detector" daemon [_thread_blocked, id=1380, stack(0x03030000,0x03080000)]
0x02d7b800 JavaThread "CompilerThread0" daemon [_thread_blocked, id=3984, stack(0x02fe0000,0x03030000)]
0x02d79c00 JavaThread "Attach Listener" daemon [_thread_blocked, id=2540, stack(0x02f90000,0x02fe0000)]
0x02d78800 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=1664, stack(0x02f40000,0x02f90000)]
0x02d70800 JavaThread "Finalizer" daemon [_thread_blocked, id=792, stack(0x02ef0000,0x02f40000)]
0x02d6f000 JavaThread "Reference Handler" daemon [_thread_blocked, id=2796, stack(0x02ea0000,0x02ef0000)]
0x001d6800 JavaThread "main" [_thread_blocked, id=3512, stack(0x00ba0000,0x00bf0000)]

Other Threads:
0x02d6d800 VMThread [stack: 0x02e50000,0x02ea0000] [id=260]
0x02d83800 WatcherThread [stack: 0x03080000,0x030d0000] [id=3232]

VM state:not at safepoint (normal execution)

VM Mutex/Monitor currently owned by a thread: None

Heap
def new generation total 4544K, used 1097K [0x22970000, 0x22e50000, 0x22e50000)
eden space 4096K, 26% used [0x22970000, 0x22a827a0, 0x22d70000)
from space 448K, 0% used [0x22d70000, 0x22d70000, 0x22de0000)
to space 448K, 0% used [0x22de0000, 0x22de0000, 0x22e50000)
tenured generation total 60544K, used 51036K [0x22e50000, 0x26970000, 0x26970000)
the space 60544K, 84% used [0x22e50000, 0x26027140, 0x26027200, 0x26970000)
compacting perm gen total 12288K, used 2613K [0x26970000, 0x27570000, 0x2a970000)
the space 12288K, 21% used [0x26970000, 0x26bfd450, 0x26bfd600, 0x27570000)
ro space 8192K, 63% used [0x2a970000, 0x2ae83ae8, 0x2ae83c00, 0x2b170000)
rw space 12288K, 53% used [0x2b170000, 0x2b7d83f8, 0x2b7d8400, 0x2bd70000)


VM Arguments:
jvm_args: -D__jvm_launched=1636923843585 -Xbootclasspath/a:C:\PROGRA~1\Java\jre6\lib\deploy.jar;C:\PROGRA~1\Java\jre6\lib\javaws.jar;C:\PROGRA~1\Java\jre6\lib\plugin.jar
java_command: sun.plugin2.main.client.PluginMain write_pipe_name=jpi2_pid2064_pipe3,read_pipe_name=jpi2_pid2064_pipe2
Launcher Type: SUN_STANDARD

Environment Variables:
PATH=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
USERNAME=Dawn
OS=Windows_NT
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel



--------------- S Y S T E M ---------------

OS: Windows XP Build 2600 Service Pack 3

CPU:total 2 (1 cores per cpu, 2 threads per core) family 15 model 4 stepping 9, cmov, cx8, fxsr, mmx, sse, sse2, sse3, ht

Memory: 4k page, physical 514124k(58484k free), swap 1255664k(548608k free)

vm_info: Java HotSpot™ Client VM (11.0-b16) for windows-x86 JRE (1.6.0_11-b03), built on Nov 10 2008 02:15:12 by "java_re" with MS VC++ 7.1

time: Tue Jun 01 17:30:34 2010
elapsed time: 7 seconds


FINALLY, THERE WERE 2 TXT FILES FOR TDSS. HERE IS THE FIRST ONE:

19:59:34:265 2984 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
19:59:34:265 2984 ================================================================================
19:59:34:265 2984 SystemInfo:

19:59:34:265 2984 OS Version: 5.1.2600 ServicePack: 3.0
19:59:34:265 2984 Product type: Workstation
19:59:34:265 2984 ComputerName: DHFMSZ81
19:59:34:265 2984 UserName: Dawn
19:59:34:265 2984 Windows directory: C:\WINDOWS
19:59:34:265 2984 System windows directory: C:\WINDOWS
19:59:34:265 2984 Processor architecture: Intel x86
19:59:34:265 2984 Number of processors: 2
19:59:34:265 2984 Page size: 0x1000
19:59:34:281 2984 Boot type: Normal boot
19:59:34:281 2984 ================================================================================
19:59:34:531 2984 Initialize success
19:59:34:531 2984
19:59:34:531 2984 Scanning Services ...
19:59:35:109 2984 Raw services enum returned 350 services
19:59:35:125 2984
19:59:35:125 2984 Scanning Drivers ...

HERE IS THE SECOND ONE:

19:55:25:121 2828 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
19:55:25:121 2828 ================================================================================
19:55:25:121 2828 SystemInfo:

19:55:25:121 2828 OS Version: 5.1.2600 ServicePack: 3.0
19:55:25:121 2828 Product type: Workstation
19:55:25:121 2828 ComputerName: DHFMSZ81
19:55:25:121 2828 UserName: Dawn
19:55:25:121 2828 Windows directory: C:\WINDOWS
19:55:25:121 2828 System windows directory: C:\WINDOWS
19:55:25:121 2828 Processor architecture: Intel x86
19:55:25:121 2828 Number of processors: 2
19:55:25:121 2828 Page size: 0x1000
19:55:25:137 2828 Boot type: Normal boot
19:55:25:137 2828 ================================================================================
19:55:25:481 2828 Initialize success
19:55:25:481 2828
19:55:25:481 2828 Scanning Services ...
19:55:25:981 2828 Raw services enum returned 351 services
19:55:25:996 2828
19:55:25:996 2828 Scanning Drivers ...
19:55:37:809 2828 NetBT (865e2a36857eaf9bd4eebbd2de978c25) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:55:37:840 2828 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: 865e2a36857eaf9bd4eebbd2de978c25, Fake md5: 74b2b2f5bea5e9a3dc021d685551bd3d
19:55:37:840 2828 File "C:\WINDOWS\system32\DRIVERS\netbt.sys" infected by TDSS rootkit ...
19:55:39:809 2828 Backup copy found, using it..
19:55:39:902 2828 will be cured on next reboot
19:55:50:356 2828 Reboot required for cure complete..
19:55:50:871 2828 Cure on reboot scheduled successfully
19:55:50:871 2828
19:55:50:871 2828 Completed
19:55:50:871 2828
19:55:50:871 2828 Results:
19:55:50:871 2828 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
19:55:50:871 2828 File objects infected / cured / cured on reboot: 1 / 0 / 1
19:55:50:871 2828
19:55:50:871 2828 KLMD(ARK) unloaded successfully

Again, thanks. Please let me know if I should do anything else.
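One way to triage a log like the one posted above, as an added example that is not part of the original post or of the scanning tool: it splits entries that were pasted onto one line, pairs each "Forged" hash report with its driver line, and checks the per-file detections against the Results block. The function names and the ExampleDrv line are assumptions made for the example.

```python
import re

# Sample input in the log format from the post above. The ExampleDrv line and its
# all-zero hash are constructed; the remaining lines are copied from that log.
SAMPLE_LOG = r"""
19:55:37:762 2828 ExampleDrv (00000000000000000000000000000000) C:\WINDOWS\system32\DRIVERS\example.sys
19:55:37:809 2828 NetBT (865e2a36857eaf9bd4eebbd2de978c25) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:55:37:840 2828 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: 865e2a36857eaf9bd4eebbd2de978c25, Fake md5: 74b2b2f5bea5e9a3dc021d685551bd3d
19:55:37:840 2828 File "C:\WINDOWS\system32\DRIVERS\netbt.sys" infected by TDSS rootkit ... 19:55:39:809 2828 Backup copy found, using it..
19:55:39:902 2828 will be cured on next reboot
19:55:50:871 2828 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
19:55:50:871 2828 File objects infected / cured / cured on reboot: 1 / 0 / 1
"""

STAMP = re.compile(r"(\d{2}:\d{2}:\d{2}:\d{3}) (\d+) ?")
DRIVER = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
FORGED = re.compile(
    r"^Suspicious file \(Forged\): (.+?)\. Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$")
INFECTED = re.compile(r'^File "(.+?)" infected by (.+?) rootkit')
SUMMARY = re.compile(
    r"^(Registry|File) objects infected / cured / cured on reboot: (\d+) / (\d+) / (\d+)$")


def split_entries(text):
    """Yield (timestamp, message) pairs; one pasted line may hold several entries."""
    for line in text.splitlines():
        marks = list(STAMP.finditer(line))
        for i, mark in enumerate(marks):
            end = marks[i + 1].start() if i + 1 < len(marks) else len(line)
            yield mark.group(1), line[mark.end():end].strip()


def triage(text):
    """Collect detections from a scan log and reconcile them with its Results block."""
    drivers, findings, summary = {}, {}, {}
    for stamp, msg in split_entries(text):
        if m := DRIVER.match(msg):
            # Windows paths are case-insensitive, so normalise before comparing.
            drivers[m.group(3).lower()] = m.group(2)
        elif m := FORGED.match(msg):
            findings.setdefault(m.group(1).lower(), {}).update(
                real_md5=m.group(2), fake_md5=m.group(3), seen_at=stamp)
        elif m := INFECTED.match(msg):
            findings.setdefault(m.group(1).lower(), {})["family"] = m.group(2)
        elif m := SUMMARY.match(msg):
            summary[m.group(1).lower()] = tuple(int(n) for n in m.groups()[1:])

    infected, cured, on_reboot = summary.get("file", (0, 0, 0))
    flagged = [path for path, f in findings.items() if "family" in f]
    return {
        "findings": findings,
        "summary": summary,
        # Two different hashes reported for one path is what the log labels "Forged".
        "hash_mismatch": [path for path, f in findings.items()
                          if f.get("real_md5") != f.get("fake_md5")],
        # The hash on the driver line should be the one the log calls "Real".
        "driver_line_is_real": all(drivers.get(path) == f["real_md5"]
                                   for path, f in findings.items() if "real_md5" in f),
        # The Results block must agree with the per-file detections above it.
        "summary_consistent": infected == len(flagged),
        # A cure that is only scheduled has not happened until the machine restarts.
        "reboot_pending": infected - cured > 0 and on_reboot > 0,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for path in report["hash_mismatch"]:
        print("forged:", path, report["findings"][path])
    print("summary consistent:", report["summary_consistent"])
    print("reboot pending:", report["reboot_pending"])
```

A log where `reboot_pending` is true should be followed by a second scan after the restart before the machine is treated as clean.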

#10 boopme


Posted 06 July 2010 - 08:26 PM

Excellent.. Ok well I use the Free Avira myself with MBAM and SAS. I update and scan every week. They run quicker when run regularly.

We need to fix JAVA.... This should take care of all the messages.
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 20 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.



Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.

Edited by boopme, 06 July 2010 - 08:27 PM.


#11 Wolfgang1756


Posted 07 July 2010 - 05:54 PM

Well, I took all your latest suggestions and it looks like I am in great shape. I cannot thank you enough for all of your help. This site is truly a gold mine. I am a fan and if there is anything I can do to support this site, please let me know. Best Regards.

#12 boopme


Posted 07 July 2010 - 08:32 PM

You are quite welcome and your kind words are appreciated.
Thanks for the offer... I do not accept donations nor does BC.. But I will recommend 2 routes if you'd like to contribute to something..
Either make a donation to some people here that would appreciate it. They help or developed some of the tools we use here to clean computers.

Look them up in the MEMBERS tab at the top right.
a_d_13
jpshortstuff
random/random
Old Timer
teacup61
JSntgRvr
m0le
Blender
Thunder

OR
If you would like to donate, I'd appreciate if you donated here. Goodwill Rescue Mission, Complete meal $1.98

I donate here often and serve Thanksgiving dinner every other year. They are non profit, honest and very dedicated. Thousands of people pass thru here in need of food, clothing, furniture etc...
They run one in Newark, NJ and lower Manhattan, NYC.


Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read: