"Find Fast Answers" Google Redirect Virus


47 replies to this topic

#1 Camron23

  • Members
  • 43 posts

Posted 02 August 2011 - 12:45 AM

Hi there,

I am using a Windows 7 PC and recently have occasionally been getting redirected to a website called "find-answers-fast.com". This has been going on for a few days now and I've noticed a significant decline in my PC's speed, especially when browsing the web, and in overall performance.

I currently have a few different tools running in an attempt to keep my PC relatively safe. I have Zonealarm, Avast, MBAM, SAS, and AVG. I used all those and I found a few different items which have since been quarantined, but I'm afraid the problem still remains. It seems as though redirecting viruses have been a bit more popular recently and I was hoping there was something I could do to be sure that I'm clean and if I'm not, how I might be able to rid myself of this virus. Thank you in advance.

-Camron


#2 shreyas1995

  • Banned
  • 72 posts
  • Gender:Male

Posted 02 August 2011 - 01:31 AM

Well, you can perform scans with some tools until someone from the BC staff helps you:


*Download the Kaspersky Virus Removal Tool from here:
http://support.kaspersky.com/viruses/utility

*Save it to your desktop. Double-click to open it.

*In order to run an automatic scan of your computer with Kaspersky Virus Removal Tool 2010, perform the following actions:

*Open the main application window.
*Go to the Autoscan tab.
*Check the boxes for the areas to be scanned. By default Kaspersky Virus Removal Tool 2010 scans System memory, Disk boot sectors and Hidden startup objects for viruses. In the main window on the Autoscan tab you can define the scan area by checking the necessary scan areas.
*Select the required actions to be performed on detected threats by clicking the link in the On threat detection line.
*Click on the Start scan button.
*Wait until the process is complete.


*Once the scan task is started, the program will detect and automatically delete all known viruses, rootkits, Trojan programs and worms. The application will perform the following actions on threat detection:

*Prompt when the scan is complete [recommended] (if you selected Prompt on completion).
*Prompt for action on each threat detection (if you selected Prompt for action).
*Disinfect or delete; or delete an infected object if disinfection fails [recommended] (if you checked Select action: Disinfect and Delete/Delete if disinfection fails).


At the end of disinfection, don't forget to click Report and post the log generated here in your next comment.


Remember to post the logs of the following in your next reply:
*MBAM.
*Kaspersky Virus Removal Tool.

Edited by shreyas1995, 02 August 2011 - 01:37 AM.


#3 Camron23

  • Topic Starter
  • Members
  • 43 posts

Posted 02 August 2011 - 01:34 AM

Thank you! I've already run Malwarebytes and it did find and quarantine a few infected files but I will give the Kaspersky tool a try right now.

#4 Camron23

  • Topic Starter
  • Members
  • 43 posts

Posted 02 August 2011 - 01:51 AM

As requested, here is the log from MBAM. The Kaspersky Virus Removal Tool completed and found no issues. The log is too long to post here.

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7351

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8/1/2011 10:24:42 PM
mbam-log-2011-08-01 (22-24-42).txt

Scan type: Quick scan
Objects scanned: 185109
Time elapsed: 1 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#5 shreyas1995

  • Banned
  • 72 posts
  • Gender:Male

Posted 02 August 2011 - 02:04 AM

*Download Hitman Pro from here:
http://download.cnet.com/Hitman-Pro-3-32-bit/3000-2239_4-10895604.html

*Double-click on the saved file.

*It will update automatically by showing a window.

*Click Next.

*Under the next tab, click Default scan.

*Come back here with the results. Do not take any action until told to do so.


#6 Camron23

  • Topic Starter
  • Members
  • 43 posts

Posted 02 August 2011 - 02:37 AM

Alright, Hitman has been downloaded (the 64-bit version) and it has come up with a few suspicious objects found.

It says I have some tracking cookies as well as the fact that Internet Explorer is using a proxy server on this computer to connect to the Internet. I think this is a big red flag right there. I have stopped at this point and am awaiting further instruction. I will leave my computer on and check back in the morning to follow your instructions from here. Thank you.

#7 shreyas1995

  • Banned
  • 72 posts
  • Gender:Male

Posted 02 August 2011 - 02:48 AM

All results are ticked and the action in front of them should be Delete. If so, please click Next. It may ask you to validate a free licence; do so. It will take a short time. Come back here after the removal.

#8 Camron23

  • Topic Starter
  • Members
  • 43 posts

Posted 02 August 2011 - 01:51 PM

OK, great. All of them have been deleted, except for the first one, which was the proxy server. That one says it has been repaired.
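Hitman Pro's "Internet Explorer is using a proxy server" finding in the posts above is worth verifying by hand, because a redirect planted in the per-user proxy values or the hosts file survives a lot of signature scanners. The script below is an added example, not something from this thread, from Hitman Pro or from any other tool mentioned here. It parses the text that `reg query` prints for the Internet Settings key and the contents of a hosts file; both sample inputs are constructed for the example, and the port, PAC URL and 10.0.0.5 address in them are made up.

```python
"""Check the two places a browser redirect is usually planted on a
Windows machine: the per-user Internet Explorer proxy values and the
hosts file.  Added example (not from the thread or from Hitman Pro);
the sample inputs are constructed, and the port, PAC URL and IP in them
are made up."""
import re

# Constructed sample of what
#   reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
# prints after malware has pointed the browser at a local proxy.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    http=127.0.0.1:61478
    ProxyOverride    REG_SZ    <local>
    AutoConfigURL    REG_SZ    http://example.invalid/proxy.pac
"""

# Constructed sample hosts file: two search engines rerouted to a made-up host.
SAMPLE_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
10.0.0.5        www.google.com   # added by the redirector
10.0.0.5        search.yahoo.com
"""

REG_VALUE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")


def parse_reg_query(text):
    """Turn `reg query` output into {value_name: (type, data)}."""
    values = {}
    for line in text.splitlines():
        m = REG_VALUE.match(line)
        if m:
            name, rtype, data = m.groups()
            values[name] = (rtype, data.strip())
    return values


def assess_proxy(values):
    """Return human-readable findings for the Internet Settings values.

    ProxyEnable=1 with ProxyServer on loopback is the pattern a local
    redirecting proxy leaves; AutoConfigURL lets a remote PAC script
    decide per URL where traffic goes, so it is reported whenever set.
    """
    findings = []
    enabled = values.get("ProxyEnable", ("REG_DWORD", "0x0"))[1]
    if int(enabled, 16) == 1:
        server = values.get("ProxyServer", ("REG_SZ", ""))[1]
        findings.append(f"proxy enabled: {server}")
        if re.search(r"\b(127\.0\.0\.1|localhost)\b", server):
            findings.append("proxy points at loopback")
    if "AutoConfigURL" in values:
        findings.append(f"PAC script configured: {values['AutoConfigURL'][1]}")
    return findings


def assess_hosts(text):
    """Return (ip, hostname) pairs for every hosts entry other than the
    stock localhost lines; on a home PC any such entry needs explaining."""
    findings = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            if name.lower() != "localhost":
                findings.append((ip, name))
    return findings


if __name__ == "__main__":
    for f in assess_proxy(parse_reg_query(SAMPLE_REG_QUERY)):
        print("proxy:", f)
    for ip, name in assess_hosts(SAMPLE_HOSTS):
        print("hosts:", name, "->", ip)
```

On the affected machine you would capture the two inputs with `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" > proxy.txt` and `type %SystemRoot%\System32\drivers\etc\hosts > hosts.txt` and feed those files to the two functions; a proxy that points at loopback, or a PAC URL you did not configure, is exactly the "repaired" setting Hitman Pro reported, and the hosts file is worth checking because the tools in this thread only reported on the proxy.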

#9 shreyas1995

  • Banned
  • 72 posts
  • Gender:Male

Posted 02 August 2011 - 08:13 PM

OK, time to perform another scan:


Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

#10 Camron23

  • Topic Starter
  • Members
  • 43 posts

Posted 02 August 2011 - 10:15 PM

Followed your directions and here is the log from my scan:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/02/2011 at 08:12 PM

Application Version : 4.45.1000

Core Rules Database Version : 7502
Trace Rules Database Version: 5314

Scan type : Complete Scan
Total Scan Time : 01:03:47

Memory items scanned : 533
Memory threats detected : 0
Registry items scanned : 7297
Registry threats detected : 0
File items scanned : 178437
File threats detected : 5

Adware.Tracking Cookie
C:\Users\Camron\AppData\Roaming\Microsoft\Windows\Cookies\camron@stopzilla[2].txt
C:\Users\Camron\AppData\Roaming\Microsoft\Windows\Cookies\camron@www.accountonline[1].txt
C:\Users\Camron\AppData\Roaming\Microsoft\Windows\Cookies\camron@accountonline[1].txt
C:\Users\Camron\AppData\Roaming\Microsoft\Windows\Cookies\camron@www.stopzilla[2].txt
secure-us.imrworldwide.com [ C:\Users\Camron\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\W97XR6T3 ]

#11 shreyas1995

  • Banned
  • 72 posts
  • Gender:Male

Posted 03 August 2011 - 01:02 AM

OK, time to take a deeper look:

*Download the eScan removal tool. It will download two files.
http://update1.mwti.net/akdlm/download/tools/mwav.exe

*To remove the eScan setup properly from your system, just run esremove.exe.

*After the uninstallation completes you will get the pop-up "eScan removed Successfully."

*After the download completes, double-click on the saved file.

*The scan window will open; update if asked, otherwise perform a full scan.

*It will remove anything found automatically.

*Come back with the results.

Edited by shreyas1995, 03 August 2011 - 02:35 AM.


#12 shreyas1995

  • Banned
  • 72 posts
  • Gender:Male

Posted 03 August 2011 - 01:26 AM

Why not do a cleanup to avoid junk left behind?

*Download CCleaner from here:
http://download.cnet.com/ccleaner/

*Double-click on the saved file.

*Follow the on-screen instructions for installation.

*After that, double-click on the CCleaner icon on the desktop.

*Click Analyze.

*After analysis, click Run Cleaner. Don't forget to close all browsers.

*Go to the Registry tab and do the same. If asked to back up the registry, click Yes.

Edited by shreyas1995, 03 August 2011 - 01:27 AM.


#13 Camron23

  • Topic Starter
  • Members
  • 43 posts

Posted 03 August 2011 - 01:46 AM

OK, so for the eScan Removal Tool, it was unable to find an install destination and wouldn't load. My error message said, "ERROR!! Failed to get eScan Install directory." I did get the 2nd pop-up saying it was successfully moved. I'm not sure if this has anything to do with it, but does it have to be 64-bit because I have Windows 7?

As for CCleaner, I was able to run that to your instructions and everything cleaned up nicely on both attempts (after Analyze and under the Registry tab).

Edited by Camron23, 03 August 2011 - 01:46 AM.


#14 shreyas1995

  • Banned
  • 72 posts
  • Gender:Male

Posted 03 August 2011 - 01:48 AM

Please run CCleaner again as I said before and reboot...

This topic contains 2 pages; to go to the next page, click 2 at the bottom of this page. I guess you didn't realise this :clapping:

Edited by shreyas1995, 03 August 2011 - 04:01 AM.


#15 Camron23

  • Topic Starter
  • Members
  • 43 posts

Posted 03 August 2011 - 01:49 AM

Great! That new link worked and I was able to update the program.

It found and deleted a worm so that's good. Here is the log:


03 Aug 2011 00:43:09 - **********************************************************

03 Aug 2011 00:43:09 - MWAV - eScanAV AntiVirus Toolkit.

03 Aug 2011 00:43:09 - Copyright © MicroWorld Technologies

03 Aug 2011 00:43:09 - **********************************************************

03 Aug 2011 00:43:09 - Source: C:\Users\Camron\Downloads\mwav.exe

03 Aug 2011 00:43:09 - Version 12.0.162 (C:\USERS\CAMRON\APPDATA\LOCAL\TEMP\MEXETMP.EX~)

03 Aug 2011 00:43:09 - Log File: C:\Users\Camron\AppData\Local\Temp\MWAV.LOG

03 Aug 2011 00:43:09 - MWAV Registered: TRUE

03 Aug 2011 00:43:09 - User Account: Camron (Administrator Mode)

03 Aug 2011 00:43:09 - OS Type: Windows Workstation

03 Aug 2011 00:43:09 - OS: Windows 7 64-Bit [OS Install Date: 10 Apr 2010 15:14:30]

03 Aug 2011 00:43:09 - Ver: Professional (Build 7600)

03 Aug 2011 00:43:09 - System Up Time: 1 Day, 4 Hours, 50 Minutes, 23 Seconds



03 Aug 2011 00:43:09 - Parent Process Name : C:\Users\Camron\AppData\Local\Temp\mexe.com

03 Aug 2011 00:43:09 - Windows Root Folder: C:\Windows

03 Aug 2011 00:43:09 - Windows Sys32 Folder: C:\Windows\system32

03 Aug 2011 00:43:09 - DHCP NameServer: 192.168.0.1

03 Aug 2011 00:43:09 - Interface0 DHCPNameServer: 192.168.0.1

03 Aug 2011 00:43:09 - Local Fixed Drives: c:\

03 Aug 2011 00:43:09 - MWAV Mode: Scan and Clean files (for viruses, adware and spyware)

03 Aug 2011 00:43:09 - [CREATED ZIP FILE: C:\Users\Camron\AppData\Local\Temp\pinfect.zip]



03 Aug 2011 00:43:09 - ****** Files/Folders created/modified during last fortnight in Windows and ROOT Folder ******

03 Aug 2011 00:43:10 - C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll (3072), 02-Aug-2011 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll to ZIP FILE]

03 Aug 2011 00:43:10 - C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll (3072), 02-Aug-2011 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll to ZIP FILE]

03 Aug 2011 00:43:10 - C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll (3072), 02-Aug-2011 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll to ZIP FILE]

03 Aug 2011 00:43:10 - C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll (3072), 02-Aug-2011 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll to ZIP FILE]

03 Aug 2011 00:43:10 - C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll (3072), 02-Aug-2011 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll to ZIP FILE]

03 Aug 2011 00:43:10 - C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll (3072), 02-Aug-2011 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll to ZIP FILE]

03 Aug 2011 00:43:10 - C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll (5120), 02-Aug-2011 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll to ZIP FILE]

03 Aug 2011 00:43:10 - C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll (3072), 02-Aug-2011 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll to ZIP FILE]

03 Aug 2011 00:43:10 - C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll (3584), 02-Aug-2011 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll to ZIP FILE]

03 Aug 2011 00:43:10 - C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll (3584), 02-Aug-2011 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll to ZIP FILE]

03 Aug 2011 00:43:10 - C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll (3072), 02-Aug-2011 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll to ZIP FILE]

03 Aug 2011 00:43:10 - C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll (3584), 02-Aug-2011 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll to ZIP FILE]

03 Aug 2011 00:43:10 - C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll (4096), 02-Aug-2011 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll to ZIP FILE]

03 Aug 2011 00:43:10 - C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll (4096), 02-Aug-2011 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll to ZIP FILE]

03 Aug 2011 00:43:10 - C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll (3584), 02-Aug-2011 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll to ZIP FILE]

03 Aug 2011 00:43:10 - C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll (4096), 02-Aug-2011 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll to ZIP FILE]

03 Aug 2011 00:43:10 - C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll (3584), 02-Aug-2011 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll to ZIP FILE]

03 Aug 2011 00:43:10 - C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll (3584), 02-Aug-2011 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll to ZIP FILE]

03 Aug 2011 00:43:10 - C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll (4608), 02-Aug-2011 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll to ZIP FILE]

03 Aug 2011 00:43:10 - C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll (3072), 02-Aug-2011 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll to ZIP FILE]

03 Aug 2011 00:43:10 - C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll (3072), 02-Aug-2011 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll to ZIP FILE]

03 Aug 2011 00:43:10 - C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll (3072), 02-Aug-2011 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll to ZIP FILE]

03 Aug 2011 00:43:10 - C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll (4096), 02-Aug-2011 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll to ZIP FILE]

03 Aug 2011 00:43:10 - C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll (4096), 02-Aug-2011 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll to ZIP FILE]

03 Aug 2011 00:43:10 - C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll (4608), 02-Aug-2011 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll to ZIP FILE]

03 Aug 2011 00:43:10 - C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll (3072), 02-Aug-2011 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll to ZIP FILE]

03 Aug 2011 00:43:10 - C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll (3584), 02-Aug-2011 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll to ZIP FILE]

03 Aug 2011 00:43:10 - C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll (6144), 02-Aug-2011 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll to ZIP FILE]

03 Aug 2011 00:43:10 - C:\Windows\system32\api-ms-win-security-lsalookup-l1-1-0.dll (3584), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

03 Aug 2011 00:43:10 - C:\Windows\system32\api-ms-win-security-sddl-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

03 Aug 2011 00:43:10 - C:\Windows\system32\api-ms-win-service-core-l1-1-0.dll (2560), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

03 Aug 2011 00:43:10 - C:\Windows\system32\api-ms-win-service-management-l1-1-0.dll (2560), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

03 Aug 2011 00:43:10 - C:\Windows\system32\api-ms-win-service-management-l2-1-0.dll (2560), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

03 Aug 2011 00:43:10 - C:\Windows\system32\api-ms-win-service-winsvc-l1-1-0.dll (3584), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System

03 Aug 2011 00:43:10 - C:\Windows\system32\instnm.exe (7680), 02-Aug-2011, Microsoft Corporation, Microsoft® Windows® Operating System

03 Aug 2011 00:43:10 - C:\Windows\system32\IS3Win325.dll (230864), 29-Jul-2011, iS3, Inc., iS3 Common Libraries

03 Aug 2011 00:43:10 - C:\Windows\system32\kernel32.dll (837120), 02-Aug-2011, Microsoft Corporation, Microsoft® Windows® Operating System

03 Aug 2011 00:43:10 - C:\Windows\system32\KernelBase.dll (272384), 02-Aug-2011, Microsoft Corporation, Microsoft® Windows® Operating System

03 Aug 2011 00:43:10 - C:\Windows\system32\ntvdm64.dll (14336), 02-Aug-2011, Microsoft Corporation, Microsoft® Windows® Operating System

03 Aug 2011 00:43:10 - C:\Windows\system32\setup16.exe (25600), 02-Aug-2011, Microsoft Corporation, Microsoft® Windows® Operating System

03 Aug 2011 00:43:10 - C:\Windows\system32\wow32.dll (5120), 02-Aug-2011, Microsoft Corporation, Microsoft® Windows® Operating System

03 Aug 2011 00:43:10 - C:\Users\Camron\AppData\Local\Temp\~DF222A9D72430468DE.TMP (98304), 02-Aug-2011 [Unable to Add C:\Users\Camron\AppData\Local\Temp\~DF222A9D72430468DE.TMP to ZIP FILE! ResultCode: 512]



03 Aug 2011 00:43:10 - C:\Windows\BitLockerDiscoveryVolumeContents, 14-Jul-2009 [HS] [Folder]

03 Aug 2011 00:43:10 - C:\Windows\Fonts, 14-Jul-2009 [SR] [Folder]

03 Aug 2011 00:43:10 - C:\Windows\ftpcache, 11-Apr-2010 [HS] [Folder]

03 Aug 2011 00:43:10 - C:\2eef8538904690aec54d460257d643, 02-Aug-2011 [Folder]

03 Aug 2011 00:43:10 - C:\Documents and Settings, 14-Jul-2009 [HS] [Folder]

03 Aug 2011 00:43:10 - C:\Recovery, 10-Apr-2010 [HS] [Folder]

03 Aug 2011 00:43:10 - C:\Users\Camron\AppData\Local\Temp\Low, 01-Aug-2011 [Folder]

03 Aug 2011 00:43:10 - C:\Users\Camron\AppData\Roaming\Microsoft, 10-Apr-2010 [S] [Folder]

03 Aug 2011 00:43:10 - C:\ProgramData\Application Data, 14-Jul-2009 [HS] [Folder]

03 Aug 2011 00:43:10 - C:\ProgramData\Desktop, 14-Jul-2009 [HS] [Folder]

03 Aug 2011 00:43:10 - C:\ProgramData\Documents, 14-Jul-2009 [HS] [Folder]

03 Aug 2011 00:43:10 - C:\ProgramData\Hitman Pro, 02-Aug-2011 [Folder]

03 Aug 2011 00:43:10 - C:\ProgramData\Kaspersky Lab, 02-Aug-2011 [Folder]

03 Aug 2011 00:43:10 - C:\ProgramData\Microsoft, 14-Jul-2009 [S] [Folder]

03 Aug 2011 00:43:10 - C:\ProgramData\Start Menu, 14-Jul-2009 [HS] [Folder]

03 Aug 2011 00:43:10 - C:\ProgramData\STOPzilla!, 02-Aug-2011 [Folder]

03 Aug 2011 00:43:10 - C:\ProgramData\Templates, 14-Jul-2009 [HS] [Folder]

03 Aug 2011 00:43:10 - C:\ProgramData\..\2eef8538904690aec54d460257d643, 02-Aug-2011 [Folder]

03 Aug 2011 00:43:10 - C:\ProgramData\..\Documents and Settings, 14-Jul-2009 [HS] [Folder]

03 Aug 2011 00:43:10 - C:\ProgramData\..\Recovery, 10-Apr-2010 [HS] [Folder]

03 Aug 2011 00:43:10 - C:\Program Files (x86)\STOPzilla!, 02-Aug-2011 [Folder]

03 Aug 2011 00:43:10 - C:\Program Files (x86)\Common Files\iS3, 02-Aug-2011 [Folder]



03 Aug 2011 00:43:10 - *********************************************************************************************



03 Aug 2011 00:43:10 - Command Line Options Given: /xsign

03 Aug 2011 00:43:11 - Latest Date of files inside MWAV: Wed Aug 3 09:14:02 2011.

03 Aug 2011 00:43:11 - Plugins FileCount: 892 Sign Version: 7.38492

03 Aug 2011 00:43:11 - Loading/Creating FileScan Database C:\ProgramData\MicroWorld\MWAV\ESCANDBX.MDB [Log: C:\Users\Camron\AppData\Local\Temp\ESCANDB.LOG]

03 Aug 2011 00:43:11 - Loaded/Created FileScan Database...

03 Aug 2011 00:43:11 - Loading AV Library [DB]...

03 Aug 2011 00:43:16 - AV Library Loaded [DB-DIRECT].

03 Aug 2011 00:43:16 - MWAV doing self scanning...

03 Aug 2011 00:43:16 - MWAV files are clean.
03 Aug 2011 00:43:29 - Virus Database Date: 02 Aug 2011
03 Aug 2011 00:43:29 - Virus Database Count: 8706737
03 Aug 2011 00:43:31 - Downloading AntiVirus and Anti-Spyware Databases...
03 Aug 2011 00:43:35 - Update Successful...
03 Aug 2011 00:43:37 - Old Sign Version: 7.38492 New Sign Version: 7.38492
03 Aug 2011 00:43:37 - Not Reloading the AntiVirus Database, as Signatures are Same...

03 Aug 2011 00:43:59 - **********************************************************
03 Aug 2011 00:43:59 - MWAV - eScanAV AntiVirus Toolkit.
03 Aug 2011 00:43:59 - Copyright © MicroWorld Technologies
03 Aug 2011 00:43:59 -
03 Aug 2011 00:43:59 - Support: support@escanav.com
03 Aug 2011 00:43:59 - Web: http://www.escanav.com
03 Aug 2011 00:43:59 - **********************************************************
03 Aug 2011 00:43:59 - Version 12.0.162[DB] (C:\USERS\CAMRON\APPDATA\LOCAL\TEMP\MEXETMP.EX~)
03 Aug 2011 00:43:59 - Log File: C:\Users\Camron\AppData\Local\Temp\MWAV.LOG
03 Aug 2011 00:43:59 - User Account: Camron (Administrator Mode)
03 Aug 2011 00:43:59 - Parent Process Name : C:\Users\Camron\AppData\Local\Temp\mexe.com
03 Aug 2011 00:43:59 - Windows Root Folder: C:\Windows
03 Aug 2011 00:43:59 - Windows Sys32 Folder: C:\Windows\system32
03 Aug 2011 00:43:59 - OS: Windows 7 64-Bit [OS Install Date: 10 Apr 2010 15:14:30]
03 Aug 2011 00:43:59 - Ver: Professional (Build 7600)
03 Aug 2011 00:43:59 - Latest Date of files inside MWAV: Wed Aug 3 09:14:02 2011.
03 Aug 2011 00:43:59 - Plugins FileCount: 892 Sign Version: 7.38492

03 Aug 2011 00:43:59 - Options Selected by User:
03 Aug 2011 00:43:59 - Memory Check: Enabled
03 Aug 2011 00:43:59 - Registry Check: Enabled
03 Aug 2011 00:43:59 - StartUp Folder Check: Enabled
03 Aug 2011 00:43:59 - System Folder Check: Enabled
03 Aug 2011 00:43:59 - Services Check: Enabled
03 Aug 2011 00:43:59 - Scan Spyware: Enabled
03 Aug 2011 00:43:59 - Drive Check Option Disabled
03 Aug 2011 00:43:59 - Folder Check: Disabled
03 Aug 2011 00:43:59 - SCAN: All_Files
03 Aug 2011 00:43:59 - MWAV Mode: Scan and Clean files (for viruses, adware and spyware)


03 Aug 2011 00:43:59 - ***** Scanning Memory Files *****

03 Aug 2011 00:44:04 - ***** Scanning Registry Files *****

03 Aug 2011 00:44:05 - ***** Scanning StartUp Folders *****
03 Aug 2011 00:44:28 - Scanning File C:\Users\Camron\Desktop\songs\Wiz Khalifa - We Drift Deeper ? (2011!).mp3
03 Aug 2011 00:44:28 - ERROR(3)!!! ScanFile fails for C:\Users\Camron\Desktop\songs\Wiz Khalifa - We Drift Deeper ? (2011!).mp3

03 Aug 2011 00:44:31 - ***** Scanning Service Files *****
03 Aug 2011 00:44:32 - ERROR(2)!!! Invalid Entry system32\DRIVERS\atipmdag.sys. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\amdkmdag.

03 Aug 2011 00:44:34 - ***** Scanning Registry and File system for Adware/Spyware *****
03 Aug 2011 00:44:35 - Loading Spyware Signatures from new External Database [Name: C:\Users\Camron\AppData\Local\Temp\spydb.avs, Size: 977911]...
03 Aug 2011 00:44:35 - Indexed Spyware Databases Successfully Created...

03 Aug 2011 00:44:47 - Offending Registry Entry found: HKCU\Software\Classes\.exe
03 Aug 2011 00:44:47 - System found infected with XP AntiMalware Spyware/Adware (HKCU\Software\Classes\.exe)! Action taken: Entries Removed.
03 Aug 2011 00:44:47 - Object "XP AntiMalware Spyware/Adware" found in File System! Action Taken: Entries Removed.

03 Aug 2011 00:44:47 - Offending Registry Entry found: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon/Taskman
03 Aug 2011 00:44:47 - System found infected with WORM_PALEVO.KK Worm (HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon/Taskman)! Action taken: Entries Removed.
03 Aug 2011 00:44:47 - Object "WORM_PALEVO.KK Worm" found in File System! Action Taken: Entries Removed.


03 Aug 2011 00:44:47 - ***** Scanning Registry Files *****
03 Aug 2011 00:44:48 - Scanning File C:\Program Files\Alwil Software\Avast5\aswRegSvr.exe (????)
03 Aug 2011 00:44:48 - Clearing Temporary sub-folders as Spyware/Adware found in system...
03 Aug 2011 00:44:48 - Few files will be deleted *ONLY* on reboot...
03 Aug 2011 00:44:48 - Few files will be deleted *ONLY* on reboot...
03 Aug 2011 00:44:48 - ** Value in HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
03 Aug 2011 00:44:48 - ** Deleted Value of "NoActiveDesktop" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:1.
03 Aug 2011 00:44:48 - ** Deleted Value of "ForceActiveDesktopOn" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:0.
03 Aug 2011 00:44:48 - ** Deleted Value of "NoChangingWallPaper" in "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:0.
03 Aug 2011 00:44:48 - ** Value in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = http://www.yahoo.com/

03 Aug 2011 00:44:48 - ***** Scanning System32 Folders *****

03 Aug 2011 00:45:14 - C:\Users\Camron\AppData\Local\Temp\bdcore.dll.27919542.mwt File already Scanned once... not able to clean.
03 Aug 2011 00:45:15 - Scanning File C:\Users\Camron\AppData\Local\Temp\IswTmp\Logs\FFApi.swl
03 Aug 2011 00:45:15 - ERROR(3)!!! ScanFile fails for C:\Users\Camron\AppData\Local\Temp\IswTmp\Logs\FFApi.swl

03 Aug 2011 00:45:21 - ***** Checking for specific ITW Viruses *****

03 Aug 2011 00:45:21 - ***** Scanning complete. *****

03 Aug 2011 00:45:21 - Total Objects Scanned: 68133
03 Aug 2011 00:45:21 - Total Critical Objects: 2
03 Aug 2011 00:45:21 - Total Disinfected Objects: 0
03 Aug 2011 00:45:21 - Total Objects Renamed: 0
03 Aug 2011 00:45:21 - Total Deleted Objects: 2
03 Aug 2011 00:45:21 - Total Errors: 1
03 Aug 2011 00:45:21 - Time Elapsed: 00:01:21
03 Aug 2011 00:45:21 - Virus Database Date: 02 Aug 2011
03 Aug 2011 00:45:21 - Virus Database Count: 8706737

03 Aug 2011 00:45:21 - Scan Completed.

Edited by Camron23, 03 August 2011 - 02:48 AM.
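Most of the eScan log above is a file inventory; the lines that actually matter are the two "System found infected" detections, the registry values the tool deleted, the error, and the totals. The Python below is an added example, not from this thread and not part of eScan, that pulls those lines out and ranks detections that sit in known autostart or hijack locations. SAMPLE_LOG is a trimmed copy of lines from the log above; the explanations in PERSISTENCE_HINTS are this example's own annotations, not text from the scanner.

```python
"""Extract the actionable lines from an eScan MWAV log and rank the
detections by where they were found.  Added example, not from the
thread or from eScan; SAMPLE_LOG is a trimmed copy of lines from the
log posted in the thread, and the notes in PERSISTENCE_HINTS are this
example's own annotations."""
import re

SAMPLE_LOG = r"""
03 Aug 2011 00:44:32 - ERROR(2)!!! Invalid Entry system32\DRIVERS\atipmdag.sys. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\amdkmdag.
03 Aug 2011 00:44:47 - System found infected with XP AntiMalware Spyware/Adware (HKCU\Software\Classes\.exe)! Action taken: Entries Removed.
03 Aug 2011 00:44:47 - System found infected with WORM_PALEVO.KK Worm (HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon/Taskman)! Action taken: Entries Removed.
03 Aug 2011 00:44:48 - ** Deleted Value of "NoActiveDesktop" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:1.
03 Aug 2011 00:45:21 - Total Critical Objects: 2
03 Aug 2011 00:45:21 - Total Deleted Objects: 2
03 Aug 2011 00:45:21 - Total Errors: 1
"""

TIMESTAMP = re.compile(r"^\d{2} \w{3} \d{4} \d{2}:\d{2}:\d{2} - (.*)$")
INFECTED = re.compile(r"System found infected with (.+?) \((.+)\)! Action taken: (.+?)\.?$")
DELETED_VALUE = re.compile(r'\*\* Deleted Value of "([^"]+)" in "([^"]+)"\. Its value was (\S+?)\.?$')
TOTAL = re.compile(r"^Total ([A-Za-z ]+): (\d+)$")
ERROR = re.compile(r"^ERROR\((\d+)\)!!! (.*)$")

# Why a hit at these registry locations deserves follow-up even after the
# scanner says "Entries Removed": both are autostart/hijack points, and the
# log names the key but not the program that had been wired into it.
PERSISTENCE_HINTS = {
    "winlogon/taskman": "Winlogon Taskman value: a program Winlogon starts at logon",
    "software\\classes\\.exe": "per-user .exe file-type hijack: every program launch "
                               "runs through the hijacker first",
}


def parse_mwav(text):
    """Return detections, registry values the tool deleted, errors and totals."""
    report = {"detections": [], "registry_changes": [], "errors": [], "totals": {}}
    for raw in text.splitlines():
        ts = TIMESTAMP.match(raw)
        if not ts:
            continue                        # banner/blank lines carry no timestamp
        msg = ts.group(1).strip()
        m = INFECTED.search(msg)
        if m:
            name, location, action = m.groups()
            report["detections"].append({"name": name, "location": location, "action": action})
            continue
        m = DELETED_VALUE.search(msg)
        if m:
            value, key, old = m.groups()
            report["registry_changes"].append({"value": value, "key": key, "old": old})
            continue
        m = TOTAL.match(msg)
        if m:
            report["totals"][m.group(1)] = int(m.group(2))
            continue
        m = ERROR.match(msg)
        if m:
            report["errors"].append({"code": int(m.group(1)), "text": m.group(2)})
    return report


def triage(report):
    """Sort detections so those in known persistence/hijack locations come
    first; each row is (rank, name, location, note_or_None)."""
    rows = []
    for d in report["detections"]:
        loc = d["location"].lower()
        note = next((why for frag, why in PERSISTENCE_HINTS.items() if frag in loc), None)
        rows.append((0 if note else 1, d["name"], d["location"], note))
    rows.sort(key=lambda r: (r[0], r[1], r[2]))
    return rows


if __name__ == "__main__":
    r = parse_mwav(SAMPLE_LOG)
    for rank, name, location, note in triage(r):
        flag = "!" if rank == 0 else " "
        print(f"[{flag}] {name} @ {location}" + (f"  <- {note}" if note else ""))
    for ch in r["registry_changes"]:
        print("deleted value", ch["value"], "in", ch["key"], "(was", ch["old"] + ")")
    print("totals:", r["totals"], "errors:", len(r["errors"]))
```

Run against the full MWAV.LOG from %TEMP% instead of SAMPLE_LOG to get the same summary for a real scan. Both detections in this log rank as persistence hits: the Winlogon Taskman value is a logon autostart, and a hijacked HKCU\Software\Classes\.exe is what rogue "antivirus" products use to intercept every program the user runs, which is why "Entries Removed" is good news but not proof that the file those entries pointed at is gone.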




