
Search Results Redirect in Firefox


20 replies to this topic

#1 Necroxia

Necroxia

  • Members
  • 11 posts

Posted 02 August 2011 - 01:44 AM

Windows XP Pro SP3
Avast Antivirus
Malwarebytes Anti-Malware

Search results in Firefox are being redirected. So far it appears to be only Google and Bing that have been redirected.



#2 shreyas1995

shreyas1995

  • Banned
  • 72 posts

Posted 02 August 2011 - 01:59 AM

http://www.bleepingcomputer.com/forums/topic412458.html/page__gopid__2356001#entry2356001


I have given advice here, please read it.


Next:


* Open Malwarebytes.
* Go to the Update tab, click Update Now.
* After the update is complete, go to the Scanner tab.
* Go for a quick scan.
* After the scan is complete, click Show Results.
* Make sure all the infections found are checked.
* Click Remove Selected. Allow it to remove infections.
* After the completion of the removal, a log will be generated.
* Post that log here in your next reply.

#3 Necroxia

Necroxia
  • Topic Starter

  • Members
  • 11 posts

Posted 02 August 2011 - 09:33 AM

Mod Edit: DDS/HijackThis log removed; not permitted in this forum.

Edited by quietman7, 04 August 2011 - 08:12 AM.


#4 shreyas1995

shreyas1995

  • Banned
  • 72 posts

Posted 02 August 2011 - 09:43 AM

Someone from BC staff will come to assist you soon... I have posted a short advice above, you can follow it... :thumbup2:

Edited by shreyas1995, 02 August 2011 - 09:44 AM.


#5 Necroxia

Necroxia
  • Topic Starter

  • Members
  • 11 posts

Posted 02 August 2011 - 12:43 PM

Someone from BC staff will come to assist you soon... I have posted a short advice above, you can follow it... :thumbup2:


Saw it after I posted the log. After I finish running GMER, I'll run the Kaspersky scan. Oddly enough MB active protection was blocking a bunch of 'malicious' IP addresses an hour or so ago.

Edited by Necroxia, 02 August 2011 - 01:13 PM.


#6 Necroxia

Necroxia
  • Topic Starter

  • Members
  • 11 posts

Posted 02 August 2011 - 02:49 PM

MBAM and Kaspersky reported nothing.

#7 shreyas1995

shreyas1995

  • Banned
  • 72 posts

Posted 02 August 2011 - 08:25 PM

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a USB drive or CD and transfer it to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

#8 Necroxia

Necroxia
  • Topic Starter

  • Members
  • 11 posts

Posted 02 August 2011 - 11:06 PM

Nothing but tracking cookies from SAS

#9 shreyas1995

shreyas1995

  • Banned
  • 72 posts

Posted 03 August 2011 - 01:06 AM

Let us go deeper:

* Download the eScan removal tool. It will download two files.
http://www.escanav.com/english/content/products/MWAV/escan_mwav.asp

* To remove the eScan setup properly from your system, just run esremove.exe.

* After the uninstallation is complete you will get a pop-up: "eScan removed Sucessfully."

* After the download completes, double-click on the saved file.

* The scan window will open. Update if asked, otherwise perform a full scan.

* It will remove anything found automatically.

* Come back with results.

Edited by shreyas1995, 03 August 2011 - 01:46 AM.


#10 Necroxia

Necroxia
  • Topic Starter

  • Members
  • 11 posts

Posted 03 August 2011 - 01:25 AM

I only see one file, esremove.exe

#11 shreyas1995

shreyas1995

  • Banned
  • 72 posts

Posted 03 August 2011 - 01:32 AM

OK, no problem...

#12 Necroxia

Necroxia
  • Topic Starter

  • Members
  • 11 posts

Posted 03 August 2011 - 01:38 AM

You can't scan with esremove, it's just a removal tool. Any suggestions?

#13 shreyas1995

shreyas1995

  • Banned
  • 72 posts

Posted 03 August 2011 - 01:47 AM

http://update1.mwti.net/akdlm/download/tools/mwav.exe

Direct download link... sorry for the original link.

Edited by shreyas1995, 03 August 2011 - 01:57 AM.


#14 Necroxia

Necroxia
  • Topic Starter

  • Members
  • 11 posts

Posted 03 August 2011 - 02:42 PM

03 Aug 2011 03:24:45 - **********************************************************

03 Aug 2011 03:24:45 - MWAV - eScanAV AntiVirus Toolkit.

03 Aug 2011 03:24:45 - Copyright © MicroWorld Technologies

03 Aug 2011 03:24:45 - **********************************************************

03 Aug 2011 03:24:45 - Source: C:\DOCUME~1\Eric\Desktop\mwav.exe

03 Aug 2011 03:24:45 - Version 12.0.162 (C:\DOCUMENTS AND SETTINGS\ERIC\LOCAL SETTINGS\TEMP\MEXETMP.EX~)

03 Aug 2011 03:24:45 - Log File: C:\Documents and Settings\Eric\Local Settings\temp\MWAV.LOG

03 Aug 2011 03:24:45 - MWAV Registered: TRUE

03 Aug 2011 03:24:45 - User Account: Eric (Administrator Mode)

03 Aug 2011 03:24:45 - OS Type: Windows Workstation

03 Aug 2011 03:24:45 - OS: Windows XP [OS Install Date: 18 Dec 2010 20:47:21]

03 Aug 2011 03:24:45 - Ver: Service Pack 3 (Build 2600)

03 Aug 2011 03:24:45 - System Up Time: 2 Days, 0 Hour, 31 Minutes, 25 Seconds



03 Aug 2011 03:24:45 - Windows Root Folder: C:\WINDOWS

03 Aug 2011 03:24:45 - Windows Sys32 Folder: C:\WINDOWS\system32

03 Aug 2011 03:24:46 - DHCP NameServer:

03 Aug 2011 03:24:46 - Interface0 DHCPNameServer:

03 Aug 2011 03:24:46 - Local Fixed Drives: c:\

03 Aug 2011 03:24:46 - MWAV Mode: Scan and Clean files (for viruses, adware and spyware)

03 Aug 2011 03:24:46 - [CREATED ZIP FILE: C:\Documents and Settings\Eric\Local Settings\temp\pinfect.zip]



03 Aug 2011 03:24:46 - ****** Files/Folders created/modified during last fortnight in Windows and ROOT Folder ******

03 Aug 2011 03:24:46 - C:\WINDOWS\system32\deployJava1.dll (472808), 22-Jul-2011, Sun Microsystems, Inc., Java™ Platform SE 6 U26

03 Aug 2011 03:24:46 - C:\WINDOWS\system32\DNIN50.dll (94208), 30-Jul-2011, Printing Communications Assoc., Inc. (PCAUSA), PCAUSA Rawether for Windows

03 Aug 2011 03:24:46 - C:\WINDOWS\system32\DNINDIS5.sys (17149), 30-Jul-2011, Printing Communications Assoc., Inc. (PCAUSA), PCAUSA Rawether for Windows

03 Aug 2011 03:24:46 - C:\WINDOWS\system32\FlashPlayerCPLApp.cpl (404640), 19-Jul-2011, Adobe Systems Incorporated, Adobe Flash Player Control Panel Applet

03 Aug 2011 03:24:47 - C:\WINDOWS\system32\pwdrvio.sys (16472), 21-Jul-2011 [Added C:\WINDOWS\system32\pwdrvio.sys to ZIP FILE]

03 Aug 2011 03:24:47 - C:\WINDOWS\system32\pwdspio.sys (11104), 21-Jul-2011 [Added C:\WINDOWS\system32\pwdspio.sys to ZIP FILE]

03 Aug 2011 03:24:48 - C:\WINDOWS\system32\pwNative.exe (725064), 21-Jul-2011 [Added C:\WINDOWS\system32\pwNative.exe to ZIP FILE]

03 Aug 2011 03:24:48 - C:\WINDOWS\system32\v3shrtkgn.dll (81920), 10-Jun-2011 [H] [Added C:\WINDOWS\system32\v3shrtkgn.dll to ZIP FILE]

03 Aug 2011 03:24:48 - C:\WINDOWS\system32\WdfCoInstaller01005.dll (1416680), 19-Jul-2011, Microsoft Corporation, Microsoft® Windows® Operating System

03 Aug 2011 03:24:48 - C:\WINDOWS\system32\drivers\79055075.sys (133208), 03-Aug-2011, Kaspersky Lab ZAO, Kaspersky Anti-Virus

03 Aug 2011 03:24:48 - C:\WINDOWS\system32\drivers\AegisP.sys (21275), 30-Jul-2011, Meetinghouse Data Communications, AEGIS Client 3.4.10.0

03 Aug 2011 03:24:48 - C:\WINDOWS\system32\drivers\ar5523.bin (155624), 30-Jul-2011 [Added C:\WINDOWS\system32\drivers\ar5523.bin to ZIP FILE]

03 Aug 2011 03:24:48 - C:\WINDOWS\system32\drivers\lgandadb.sys (25728), 01-Aug-2011, Google Inc, Google Android USB Driver

03 Aug 2011 03:24:48 - C:\WINDOWS\system32\drivers\lgandbus.sys (14336), 01-Aug-2011, LG Electronics Inc., LGE Android Platform Driver

03 Aug 2011 03:24:48 - C:\WINDOWS\system32\drivers\lganddiag.sys (20864), 01-Aug-2011, LG Electronics Inc., LGE Android Platform Driver

03 Aug 2011 03:24:48 - C:\WINDOWS\system32\drivers\lgandgps.sys (19968), 01-Aug-2011, LG Electronics Inc., LGE Android Platform Driver

03 Aug 2011 03:24:48 - C:\WINDOWS\system32\drivers\lgandmodem.sys (24960), 01-Aug-2011, LG Electronics Inc., LGE Android Platform Driver

03 Aug 2011 03:24:48 - C:\WINDOWS\system32\drivers\snapman.sys (139264), 22-Jul-2011, Acronis, Acronis Snapshot API

03 Aug 2011 03:24:48 - C:\WINDOWS\system32\drivers\ssadadb.sys (30312), 19-Jul-2011, Google Inc, Google Android USB Driver

03 Aug 2011 03:24:48 - C:\WINDOWS\system32\drivers\ssadbus.sys (96488), 19-Jul-2011, MCCI Corporation, SAMSUNG Android USB Composite Device

03 Aug 2011 03:24:48 - C:\WINDOWS\system32\drivers\ssadcm.sys (10344), 19-Jul-2011, MCCI Corporation, SAMSUNG Android USB Diagnostic Serial Port

03 Aug 2011 03:24:48 - C:\WINDOWS\system32\drivers\ssadcmnt.sys (10344), 19-Jul-2011, MCCI Corporation, SAMSUNG Android USB Diagnostic Serial Port

03 Aug 2011 03:24:48 - C:\WINDOWS\system32\drivers\ssadmdfl.sys (12776), 19-Jul-2011, MCCI Corporation, SAMSUNG Android USB Modem Filter Driver

03 Aug 2011 03:24:48 - C:\WINDOWS\system32\drivers\ssadmdm.sys (121576), 19-Jul-2011, MCCI Corporation, SAMSUNG Android USB Modem

03 Aug 2011 03:24:48 - C:\WINDOWS\system32\drivers\ssadserd.sys (98152), 19-Jul-2011, MCCI Corporation, SAMSUNG Android USB Diagnostic Serial Port

03 Aug 2011 03:24:48 - C:\WINDOWS\system32\drivers\ssadwh.sys (10216), 19-Jul-2011, MCCI Corporation, SAMSUNG Android USB Composite Device

03 Aug 2011 03:24:48 - C:\WINDOWS\system32\drivers\ssadwhnt.sys (10216), 19-Jul-2011, MCCI Corporation, SAMSUNG Android USB Composite Device

03 Aug 2011 03:24:48 - C:\WINDOWS\system32\drivers\WdfCoInstaller01005.dll (1416680), 19-Jul-2011, Microsoft Corporation, Microsoft® Windows® Operating System

03 Aug 2011 03:24:48 - C:\WINDOWS\system32\drivers\WPN111.sys (384608), 30-Jul-2011, Atheros Communications, Inc., Atheros AR5005 Wireless USB Network Adapter

03 Aug 2011 03:24:48 - C:\DOCUME~1\Eric\LOCALS~1\Temp\SSUPDATE.EXE (386944), 03-Aug-2011, SUPERAntiSpyware.com, SUPERAntiSpyware Update Application

03 Aug 2011 03:24:50 - C:\DOCUME~1\Eric\LOCALS~1\Temp\UPDLL10.DLL (904712), 03-Aug-2011, MicroWorld Technologies Inc., eScan/MailScan/MWAV



03 Aug 2011 03:24:50 - C:\WINDOWS\$hf_mig$, 19-Dec-2010 [H] [Folder]

03 Aug 2011 03:24:50 - C:\WINDOWS\$MSI31Uninstall_KB893803v2$, 19-Dec-2010 [H] [Folder]

03 Aug 2011 03:24:50 - C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$, 09-Feb-2011 [H] [Folder]

03 Aug 2011 03:24:50 - C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$, 09-Feb-2011 [H] [Folder]

03 Aug 2011 03:24:50 - C:\WINDOWS\$NtUninstallWdf01005$, 19-Jul-2011 [H] [Folder]

03 Aug 2011 03:24:50 - C:\WINDOWS\$NtUninstallWMFDist11$, 12-Jun-2011 [H] [Folder]

03 Aug 2011 03:24:50 - C:\WINDOWS\$NtUninstallWudf01000$, 12-Jun-2011 [H] [Folder]

03 Aug 2011 03:24:50 - C:\WINDOWS\CSC, 19-May-2011 [HS] [Folder]

03 Aug 2011 03:24:50 - C:\WINDOWS\Fonts, 18-Dec-2010 [SR] [Folder]

03 Aug 2011 03:24:50 - C:\WINDOWS\ie7, 09-Feb-2011 [H] [Folder]

03 Aug 2011 03:24:50 - C:\WINDOWS\inf, 18-Dec-2010 [H] [Folder]

03 Aug 2011 03:24:50 - C:\WINDOWS\LastGood, 01-Aug-2011 [Folder]

03 Aug 2011 03:24:50 - C:\WINDOWS\PIF, 16-May-2011 [H] [Folder]

03 Aug 2011 03:24:50 - C:\WINDOWS\system32\dllcache, 18-Dec-2010 [HSR] [Folder]

03 Aug 2011 03:24:50 - C:\WINDOWS\system32\GroupPolicy, 17-May-2011 [H] [Folder]

03 Aug 2011 03:24:50 - C:\WINDOWS\system32\Microsoft, 19-Dec-2010 [S] [Folder]

03 Aug 2011 03:24:50 - C:\32788R22FWJFW, 21-Jul-2011 [S] [Folder]

03 Aug 2011 03:24:50 - C:\cmdcons, 19-May-2011 [HSR] [Folder]

03 Aug 2011 03:24:50 - C:\ComboFix, 21-Jul-2011 [S] [Folder]

03 Aug 2011 03:24:50 - C:\DriveKey, 21-Jul-2011 [Folder]

03 Aug 2011 03:24:50 - C:\DOCUME~1\Eric\LOCALS~1\Temp\rd550.tmp, 30-Jul-2011 [Folder]

03 Aug 2011 03:24:50 - C:\DOCUME~1\Eric\LOCALS~1\Temp\rd5FC.tmp, 02-Aug-2011 [Folder]

03 Aug 2011 03:24:50 - C:\Documents and Settings\Eric\Application Data\Dropbox, 31-Jul-2011 [Folder]

03 Aug 2011 03:24:50 - C:\Documents and Settings\Eric\Application Data\gtk-2.0, 22-Jul-2011 [Folder]

03 Aug 2011 03:24:50 - C:\Documents and Settings\Eric\Application Data\Microsoft, 15-Apr-2011 [S] [Folder]

03 Aug 2011 03:24:50 - C:\Documents and Settings\Eric\Application Data\mjusbsp, 28-Jul-2011 [Folder]

03 Aug 2011 03:24:50 - C:\Documents and Settings\Eric\Application Data\..\Application Data, 15-Apr-2011   [Folder]

03 Aug 2011 03:24:50 - C:\Documents and Settings\Eric\Application Data\..\Local Settings, 15-Apr-2011 [H] [Folder]

03 Aug 2011 03:24:50 - C:\Documents and Settings\Eric\Application Data\..\NetHood, 15-Apr-2011 [H] [Folder]

03 Aug 2011 03:24:50 - C:\Documents and Settings\Eric\Application Data\..\Recent, 02-Aug-2011   [Folder]

03 Aug 2011 03:24:50 - C:\Documents and Settings\Eric\Application Data\..\SendTo, 15-Apr-2011   [Folder]

03 Aug 2011 03:24:50 - C:\Documents and Settings\Eric\Application Data\..\Templates, 15-Apr-2011 [H] [Folder]

03 Aug 2011 03:24:50 - C:\Documents and Settings\All Users\Application Data\Dell, 23-Jul-2011 [Folder]

03 Aug 2011 03:24:50 - C:\Documents and Settings\All Users\Application Data\magicJack, 28-Jul-2011 [Folder]

03 Aug 2011 03:24:50 - C:\Documents and Settings\All Users\Application Data\Microsoft, 18-Dec-2010 [S] [Folder]

03 Aug 2011 03:24:50 - C:\Documents and Settings\All Users\Application Data\Samsung, 19-Jul-2011 [Folder]

03 Aug 2011 03:24:50 - C:\Documents and Settings\All Users\Application Data\Sun, 22-Jul-2011 [Folder]

03 Aug 2011 03:24:50 - C:\Documents and Settings\All Users\Application Data\SupportSoft, 23-Jul-2011 [Folder]

03 Aug 2011 03:24:50 - C:\Documents and Settings\All Users\Application Data\..\Application Data, 18-Dec-2010   [Folder]

03 Aug 2011 03:24:50 - C:\Documents and Settings\All Users\Application Data\..\DRM, 19-Dec-2010 [HS] [Folder]

03 Aug 2011 03:24:50 - C:\Documents and Settings\All Users\Application Data\..\Templates, 18-Dec-2010 [H] [Folder]

03 Aug 2011 03:24:50 - C:\Program Files\Acronis, 22-Jul-2011 [Folder]

03 Aug 2011 03:24:50 - C:\Program Files\Dell Support Center, 23-Jul-2011 [Folder]

03 Aug 2011 03:24:50 - C:\Program Files\Driver-Soft, 22-Jul-2011 [Folder]

03 Aug 2011 03:24:50 - C:\Program Files\ImgBurn, 22-Jul-2011 [Folder]

03 Aug 2011 03:24:50 - C:\Program Files\LinuxLive USB Creator, 21-Jul-2011 [Folder]

03 Aug 2011 03:24:50 - C:\Program Files\NETGEAR, 30-Jul-2011 [Folder]

03 Aug 2011 03:24:50 - C:\Program Files\SAMSUNG, 19-Jul-2011 [Folder]

03 Aug 2011 03:24:50 - C:\Program Files\TVersity, 30-Jul-2011 [Folder]

03 Aug 2011 03:24:50 - C:\Program Files\TVersity Codec Pack, 30-Jul-2011 [Folder]

03 Aug 2011 03:24:50 - C:\Program Files\WindowsUpdate, 19-Dec-2010 [H] [Folder]

03 Aug 2011 03:24:50 - C:\Program Files\Common Files\Acronis, 22-Jul-2011 [Folder]

03 Aug 2011 03:24:50 - C:\Program Files\Common Files\Java, 22-Jul-2011 [Folder]

03 Aug 2011 03:24:50 - C:\Program Files\Common Files\supportsoft, 23-Jul-2011 [Folder]



03 Aug 2011 03:24:50 - *********************************************************************************************



03 Aug 2011 03:24:50 - Command Line Options Given: /xsign

03 Aug 2011 03:25:26 - Latest Date of files inside MWAV: Wed Aug 3 09:14:02 2011.

03 Aug 2011 03:25:26 - Plugins FileCount: 892 Sign Version: 7.38492

03 Aug 2011 03:25:26 - Loading/Creating FileScan Database C:\Documents and Settings\All Users\Application Data\MicroWorld\MWAV\ESCANDBX.MDB [Log: C:\Documents and Settings\Eric\Local Settings\temp\ESCANDB.LOG]

03 Aug 2011 03:25:28 - Loaded/Created FileScan Database...

03 Aug 2011 03:25:28 - Loading AV Library [DB]...

03 Aug 2011 03:26:01 - AV Library Loaded [DB-DIRECT].

03 Aug 2011 03:26:01 - MWAV doing self scanning...

03 Aug 2011 03:26:01 - MWAV files are clean.
03 Aug 2011 03:32:05 - Virus Database Date: 03 Aug 2011
03 Aug 2011 03:32:05 - Virus Database Count: 8706737

03 Aug 2011 03:32:29 - **********************************************************
03 Aug 2011 03:32:29 - MWAV - eScanAV AntiVirus Toolkit.
03 Aug 2011 03:32:29 - Copyright © MicroWorld Technologies
03 Aug 2011 03:32:29 -
03 Aug 2011 03:32:29 - Support: support@escanav.com
03 Aug 2011 03:32:29 - Web: http://www.escanav.com
03 Aug 2011 03:32:29 - **********************************************************
03 Aug 2011 03:32:29 - Version 12.0.162[DB] (C:\DOCUMENTS AND SETTINGS\ERIC\LOCAL SETTINGS\TEMP\MEXETMP.EX~)
03 Aug 2011 03:32:29 - Log File: C:\Documents and Settings\Eric\Local Settings\temp\MWAV.LOG
03 Aug 2011 03:32:29 - User Account: Eric (Administrator Mode)
03 Aug 2011 03:32:29 - Windows Root Folder: C:\WINDOWS
03 Aug 2011 03:32:29 - Windows Sys32 Folder: C:\WINDOWS\system32
03 Aug 2011 03:32:29 - OS: Windows XP [OS Install Date: 18 Dec 2010 20:47:21]
03 Aug 2011 03:32:29 - Ver: Service Pack 3 (Build 2600)
03 Aug 2011 03:32:29 - Latest Date of files inside MWAV: Wed Aug 3 09:14:02 2011.
03 Aug 2011 03:32:29 - Plugins FileCount: 892 Sign Version: 7.38492

03 Aug 2011 03:32:29 - Options Selected by User:
03 Aug 2011 03:32:29 - Memory Check: Enabled
03 Aug 2011 03:32:29 - Registry Check: Enabled
03 Aug 2011 03:32:29 - StartUp Folder Check: Enabled
03 Aug 2011 03:32:29 - System Folder Check: Enabled
03 Aug 2011 03:32:29 - Services Check: Enabled
03 Aug 2011 03:32:29 - Scan Spyware: Disabled
03 Aug 2011 03:32:29 - Drive Check: Enabled
03 Aug 2011 03:32:29 - All Drive Check :Disabled
03 Aug 2011 03:32:29 - Drive Selected = C:\
03 Aug 2011 03:32:29 - Folder Check: Disabled
03 Aug 2011 03:32:29 - SCAN: All_Files
03 Aug 2011 03:32:29 - MWAV Mode: Scan and Clean files (for viruses, adware and spyware)


03 Aug 2011 03:32:30 - ***** Scanning Memory Files *****

03 Aug 2011 03:33:06 - ***** Scanning Registry Files *****

03 Aug 2011 03:33:22 - ***** Scanning StartUp Folders *****

03 Aug 2011 03:33:33 - ***** Scanning Service Files *****
03 Aug 2011 03:33:34 - ERROR(2)!!! Invalid Entry System32\Drivers\lgandnetadb.sys. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\andnetadb.
03 Aug 2011 03:33:34 - ERROR(2)!!! Invalid Entry system32\DRIVERS\BlueletSCOAudio.sys. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\BlueletSCOAudio.
03 Aug 2011 03:33:34 - ERROR(2)!!! Invalid Entry system32\DRIVERS\btnetdrv.sys. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\BT.
03 Aug 2011 03:33:34 - ERROR(2)!!! Invalid Entry system32\drivers\btaudio.sys. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\btaudio.
03 Aug 2011 03:33:34 - ERROR(2)!!! Invalid Entry System32\Drivers\btcusb.sys. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\Btcsrusb.
03 Aug 2011 03:33:34 - ERROR(2)!!! Invalid Entry system32\DRIVERS\btport.sys. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\BTDriver.
03 Aug 2011 03:33:34 - ERROR(2)!!! Invalid Entry System32\Drivers\vbtenum.sys. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\BTHidEnum.
03 Aug 2011 03:33:34 - ERROR(2)!!! Invalid Entry System32\Drivers\BTHidMgr.sys. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\BTHidMgr.
03 Aug 2011 03:33:34 - ERROR(2)!!! Invalid Entry system32\DRIVERS\btkrnl.sys. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\BTKRNL.
03 Aug 2011 03:33:34 - ERROR(2)!!! Invalid Entry system32\DRIVERS\btwdndis.sys. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\BTWDNDIS.
03 Aug 2011 03:33:34 - ERROR(2)!!! Invalid Entry \??\C:\DOCUME~1\Eric\LOCALS~1\Temp\catchme.sys. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\catchme.
03 Aug 2011 03:33:43 - ERROR(2)!!! Invalid Entry system32\DRIVERS\lgusbatos.sys. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\Usbatos.
03 Aug 2011 03:33:43 - ERROR(2)!!! Invalid Entry system32\DRIVERS\VComm.sys. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\VComm.
03 Aug 2011 03:33:43 - ERROR(2)!!! Invalid Entry System32\Drivers\VcommMgr.sys. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\VcommMgr.
03 Aug 2011 03:33:44 - ERROR(2)!!! Invalid Entry \??\C:\DOCUME~1\Eric\LOCALS~1\Temp\kxtcipod.sys. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\kxtcipod.
03 Aug 2011 03:33:44 - ERROR(2)!!! Invalid Entry \??\C:\DOCUME~1\Eric\LOCALS~1\Temp\mbr.sys. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\mbr.

03 Aug 2011 03:33:44 - ***** Scanning System32 Folders *****

03 Aug 2011 03:35:19 - C:\Documents and Settings\Eric\Local Settings\temp\bdcore.dll.71814014.mwt File already Scanned once... not able to clean.

03 Aug 2011 03:35:39 - ***** Scanning Drive C:\ *****
03 Aug 2011 03:35:39 - Scanning File C:\32788R22FWJFW\catchme.cfxxe
03 Aug 2011 03:35:40 - File C:\32788R22FWJFW\catchme.cfxxe infected by "Heur.Malware.CA (ES)" Virus! Action Taken: File Renamed.

03 Aug 2011 03:35:43 - Scanning File C:\32788R22FWJFW\NirCmd.cfxxe
03 Aug 2011 03:35:44 - File C:\32788R22FWJFW\NirCmd.cfxxe infected by "Tool-NirCmd.TE (ES)" Virus! Action Taken: File Renamed.

03 Aug 2011 03:35:44 - Scanning File C:\32788R22FWJFW\NIRKMD.cfxxe
03 Aug 2011 03:35:45 - File C:\32788R22FWJFW\NIRKMD.cfxxe infected by "Tool-NirCmd.TE (ES)" Virus! Action Taken: File Renamed.

03 Aug 2011 03:35:52 - Scanning File C:\ComboFix\NIRKMD.cfxxe
03 Aug 2011 03:35:53 - File C:\ComboFix\NIRKMD.cfxxe infected by "Malware.Win32 (ES)" Virus! Action Taken: File Renamed.

03 Aug 2011 03:37:47 - ScanFile took 6688 ms
03 Aug 2011 03:43:16 - Scanning File C:\Documents and Settings\Eric\Application Data\Dropbox\shellext\l\4e364db9_sent
03 Aug 2011 03:43:16 - ERROR(3)!!! ScanFile fails for C:\Documents and Settings\Eric\Application Data\Dropbox\shellext\l\4e364db9_sent
03 Aug 2011 03:43:16 - Scanning File C:\Documents and Settings\Eric\Application Data\Dropbox\shellext\l\4e365d98_sent
03 Aug 2011 03:43:16 - ERROR(3)!!! ScanFile fails for C:\Documents and Settings\Eric\Application Data\Dropbox\shellext\l\4e365d98_sent
03 Aug 2011 03:43:16 - Scanning File C:\Documents and Settings\Eric\Application Data\Dropbox\shellext\l\4e380738_sent
03 Aug 2011 03:43:16 - ERROR(3)!!! ScanFile fails for C:\Documents and Settings\Eric\Application Data\Dropbox\shellext\l\4e380738_sent
03 Aug 2011 03:43:16 - Scanning File C:\Documents and Settings\Eric\Application Data\Dropbox\shellext\l\4e38b616_sent
03 Aug 2011 03:43:16 - ERROR(3)!!! ScanFile fails for C:\Documents and Settings\Eric\Application Data\Dropbox\shellext\l\4e38b616_sent
03 Aug 2011 03:43:16 - Scanning File C:\Documents and Settings\Eric\Application Data\Dropbox\shellext\l\4e38caf0_sent
03 Aug 2011 03:43:16 - ERROR(3)!!! ScanFile fails for C:\Documents and Settings\Eric\Application Data\Dropbox\shellext\l\4e38caf0_sent
03 Aug 2011 03:43:55 - C:\Documents and Settings\Eric\Application Data\Skype\shared_dynco\dc.db not Scanned. Possibly password protected...
03 Aug 2011 03:43:55 - C:\Documents and Settings\Eric\Application Data\Skype\shared_dynco\dc.db-journal not Scanned. Possibly password protected...
03 Aug 2011 03:43:55 - C:\Documents and Settings\Eric\Application Data\Skype\shared_httpfe\queue.db not Scanned. Possibly password protected...
03 Aug 2011 03:43:55 - C:\Documents and Settings\Eric\Application Data\Skype\temp-bd7ds6r63VqJc3qE64Vvjkrm not Scanned. Possibly password protected...
03 Aug 2011 03:43:55 - C:\Documents and Settings\Eric\Application Data\Skype\temp-ibEzTgXw6ZY8uapNcSfrCejb not Scanned. Possibly password protected...
03 Aug 2011 03:45:27 - C:\Documents and Settings\Eric\Local Settings\temp\bdcore.dll.71814014.mwt File already Scanned once... not able to clean.

03 Aug 2011 04:04:55 - Scanning File C:\Program Files\WinRAR\Default.SFX
03 Aug 2011 04:04:56 - File C:\Program Files\WinRAR\Default.SFX infected by "Trojan.Generic.4607025 (DB)" Virus! Action Taken: File Renamed.

03 Aug 2011 04:05:15 - C:\System Volume Information\9396086drv.isw not Scanned. Possibly password protected...
03 Aug 2011 04:06:49 - Scanning File C:\System Volume Information\_restore{E7A27EF9-831F-475D-B7E0-7FC02FBE215A}\RP21\A0006316.exe
03 Aug 2011 04:06:52 - File C:\System Volume Information\_restore{E7A27EF9-831F-475D-B7E0-7FC02FBE215A}\RP21\A0006316.exe infected by "Trojan.Generic.1768957 (DB)" Virus! Action Taken: File Renamed.

03 Aug 2011 04:06:53 - Scanning File C:\System Volume Information\_restore{E7A27EF9-831F-475D-B7E0-7FC02FBE215A}\RP21\A0006317.exe
03 Aug 2011 04:06:58 - File C:\System Volume Information\_restore{E7A27EF9-831F-475D-B7E0-7FC02FBE215A}\RP21\A0006317.exe infected by "Trojan.Generic.5975414 (DB)" Virus! Action Taken: File Renamed.

03 Aug 2011 04:16:54 - C:\WINDOWS\system32\CatRoot2\tmp.edb not Scanned. Possibly password protected...
03 Aug 2011 04:16:57 - C:\WINDOWS\system32\config\default not Scanned. Possibly password protected...
03 Aug 2011 04:16:57 - C:\WINDOWS\system32\config\SAM not Scanned. Possibly password protected...
03 Aug 2011 04:16:57 - C:\WINDOWS\system32\config\SECURITY not Scanned. Possibly password protected...
03 Aug 2011 04:16:57 - C:\WINDOWS\system32\config\software not Scanned. Possibly password protected...
03 Aug 2011 04:16:57 - C:\WINDOWS\system32\config\system not Scanned. Possibly password protected...

03 Aug 2011 04:19:55 - ***** Checking for specific ITW Viruses *****

03 Aug 2011 04:19:55 - ***** Scanning complete. *****

03 Aug 2011 04:19:55 - Total Objects Scanned: 117579
03 Aug 2011 04:19:55 - Total Critical Objects: 9
03 Aug 2011 04:19:55 - Total Disinfected Objects: 0
03 Aug 2011 04:19:55 - Total Objects Renamed: 9
03 Aug 2011 04:19:55 - Total Deleted Objects: 0
03 Aug 2011 04:19:55 - Total Errors: 16
03 Aug 2011 04:19:55 - Time Elapsed: 00:47:25
03 Aug 2011 04:19:55 - Virus Database Date: 03 Aug 2011
03 Aug 2011 04:19:55 - Virus Database Count: 8706737

03 Aug 2011 04:19:55 - Scan Completed.


03 Aug 2011 11:17:06 - Options Selected by User:
03 Aug 2011 11:17:06 - Memory Check: Enabled
03 Aug 2011 11:17:06 - Registry Check: Enabled
03 Aug 2011 11:17:06 - StartUp Folder Check: Enabled
03 Aug 2011 11:17:06 - System Folder Check: Enabled
03 Aug 2011 11:17:06 - Services Check: Enabled
03 Aug 2011 11:17:06 - Scan Spyware: Disabled
03 Aug 2011 11:17:06 - Drive Check: Enabled
03 Aug 2011 11:17:06 - All Drive Check :Disabled
03 Aug 2011 11:17:06 - Drive Selected = C:\
03 Aug 2011 11:17:06 - Folder Check: Disabled
03 Aug 2011 11:17:06 - SCAN: All_Files
03 Aug 2011 11:17:06 - MWAV Mode: Scan and Clean files (for viruses, adware and spyware)


03 Aug 2011 11:17:07 - ***** Scanning Memory Files *****

03 Aug 2011 11:17:35 - ***** Scanning Registry Files *****

03 Aug 2011 11:17:50 - ***** Scanning StartUp Folders *****

03 Aug 2011 11:17:52 - ***** Scanning Service Files *****

03 Aug 2011 11:18:02 - ***** Scanning System32 Folders *****

03 Aug 2011 11:19:09 - C:\Documents and Settings\Eric\Local Settings\temp\bdcore.dll.71814014.mwt File already Scanned once... not able to clean.

03 Aug 2011 11:19:23 - ***** Scanning Drive C:\ *****
03 Aug 2011 11:19:24 - C:\32788R22FWJFW\catchme.cfxxe.mwt File already Scanned once... not able to clean.
03 Aug 2011 11:19:26 - C:\32788R22FWJFW\NirCmd.cfxxe.mwt File already Scanned once... not able to clean.
03 Aug 2011 11:19:26 - C:\32788R22FWJFW\NIRKMD.cfxxe.mwt File already Scanned once... not able to clean.
03 Aug 2011 11:19:33 - C:\ComboFix\NIRKMD.cfxxe.mwt File already Scanned once... not able to clean.
03 Aug 2011 11:25:50 - Scanning File C:\Documents and Settings\Eric\Application Data\Dropbox\shellext\l\4e364db9_sent
03 Aug 2011 11:25:50 - ERROR(3)!!! ScanFile fails for C:\Documents and Settings\Eric\Application Data\Dropbox\shellext\l\4e364db9_sent
03 Aug 2011 11:25:50 - Scanning File C:\Documents and Settings\Eric\Application Data\Dropbox\shellext\l\4e365d98_sent
03 Aug 2011 11:25:50 - ERROR(3)!!! ScanFile fails for C:\Documents and Settings\Eric\Application Data\Dropbox\shellext\l\4e365d98_sent
03 Aug 2011 11:25:50 - Scanning File C:\Documents and Settings\Eric\Application Data\Dropbox\shellext\l\4e380738_sent
03 Aug 2011 11:25:50 - ERROR(3)!!! ScanFile fails for C:\Documents and Settings\Eric\Application Data\Dropbox\shellext\l\4e380738_sent
03 Aug 2011 11:25:50 - Scanning File C:\Documents and Settings\Eric\Application Data\Dropbox\shellext\l\4e38b616_sent
03 Aug 2011 11:25:50 - ERROR(3)!!! ScanFile fails for C:\Documents and Settings\Eric\Application Data\Dropbox\shellext\l\4e38b616_sent
03 Aug 2011 11:25:50 - Scanning File C:\Documents and Settings\Eric\Application Data\Dropbox\shellext\l\4e38caf0_sent
03 Aug 2011 11:25:50 - ERROR(3)!!! ScanFile fails for C:\Documents and Settings\Eric\Application Data\Dropbox\shellext\l\4e38caf0_sent

03 Aug 2011 11:26:20 - C:\Documents and Settings\Eric\Application Data\Skype\shared_dynco\dc.db not Scanned. Possibly password protected...
03 Aug 2011 11:26:20 - C:\Documents and Settings\Eric\Application Data\Skype\shared_dynco\dc.db-journal not Scanned. Possibly password protected...
03 Aug 2011 11:26:20 - C:\Documents and Settings\Eric\Application Data\Skype\shared_httpfe\queue.db not Scanned. Possibly password protected...
03 Aug 2011 11:26:20 - C:\Documents and Settings\Eric\Application Data\Skype\temp-bd7ds6r63VqJc3qE64Vvjkrm not Scanned. Possibly password protected...
03 Aug 2011 11:26:20 - C:\Documents and Settings\Eric\Application Data\Skype\temp-ibEzTgXw6ZY8uapNcSfrCejb not Scanned. Possibly password protected...
03 Aug 2011 11:27:43 - C:\Documents and Settings\Eric\Local Settings\temp\bdcore.dll.71814014.mwt File already Scanned once... not able to clean.
03 Aug 2011 11:42:30 - C:\Program Files\WinRAR\Default.SFX.mwt File already Scanned once... not able to clean.
03 Aug 2011 11:42:41 - C:\System Volume Information\9396086drv.isw not Scanned. Possibly password protected...
03 Aug 2011 11:49:23 - C:\WINDOWS\system32\CatRoot2\tmp.edb not Scanned. Possibly password protected...
03 Aug 2011 11:49:26 - C:\WINDOWS\system32\config\default not Scanned. Possibly password protected...
03 Aug 2011 11:49:26 - C:\WINDOWS\system32\config\SAM not Scanned. Possibly password protected...
03 Aug 2011 11:49:26 - C:\WINDOWS\system32\config\SECURITY not Scanned. Possibly password protected...
03 Aug 2011 11:49:26 - C:\WINDOWS\system32\config\software not Scanned. Possibly password protected...
03 Aug 2011 11:49:26 - C:\WINDOWS\system32\config\system not Scanned. Possibly password protected...

03 Aug 2011 11:51:41 - ***** Checking for specific ITW Viruses *****

03 Aug 2011 11:51:41 - ***** Scanning complete. *****

03 Aug 2011 11:51:41 - Total Objects Scanned: 116635
03 Aug 2011 11:51:41 - Total Critical Objects: 0
03 Aug 2011 11:51:41 - Total Disinfected Objects: 0
03 Aug 2011 11:51:41 - Total Objects Renamed: 0
03 Aug 2011 11:51:41 - Total Deleted Objects: 0
03 Aug 2011 11:51:41 - Total Errors: 0
03 Aug 2011 11:51:41 - Time Elapsed: 00:34:35
03 Aug 2011 11:51:41 - Virus Database Date: 03 Aug 2011
03 Aug 2011 11:51:41 - Virus Database Count: 8706737

03 Aug 2011 11:51:41 - Scan Completed.
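
A triage sketch for the MWAV.LOG format posted above, added here as an example and not part of the original thread or of eScan's own tooling: it separates detections, service keys the toolkit removed, skipped files and the summary totals so they can be reviewed per location. The regular expressions are inferred only from the lines in this log; the function names and the Temp-path flag are assumptions of this example.

```python
import re
from collections import Counter

# Lines excerpted from the MWAV.LOG in the post above (not the full log).
SAMPLE_LOG = r"""
03 Aug 2011 03:33:34 - ERROR(2)!!! Invalid Entry system32\DRIVERS\btkrnl.sys. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\BTKRNL.
03 Aug 2011 03:33:34 - ERROR(2)!!! Invalid Entry \??\C:\DOCUME~1\Eric\LOCALS~1\Temp\catchme.sys. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\catchme.
03 Aug 2011 03:35:40 - File C:\32788R22FWJFW\catchme.cfxxe infected by "Heur.Malware.CA (ES)" Virus! Action Taken: File Renamed.
03 Aug 2011 03:35:53 - File C:\ComboFix\NIRKMD.cfxxe infected by "Malware.Win32 (ES)" Virus! Action Taken: File Renamed.
03 Aug 2011 04:04:56 - File C:\Program Files\WinRAR\Default.SFX infected by "Trojan.Generic.4607025 (DB)" Virus! Action Taken: File Renamed.
03 Aug 2011 04:06:52 - File C:\System Volume Information\_restore{E7A27EF9-831F-475D-B7E0-7FC02FBE215A}\RP21\A0006316.exe infected by "Trojan.Generic.1768957 (DB)" Virus! Action Taken: File Renamed.
03 Aug 2011 04:16:57 - C:\WINDOWS\system32\config\SAM not Scanned. Possibly password protected...
03 Aug 2011 04:19:55 - Total Critical Objects: 9
03 Aug 2011 04:19:55 - Total Objects Renamed: 9
03 Aug 2011 04:19:55 - Total Errors: 16
"""

# Every entry is "<DD Mon YYYY HH:MM:SS> - <message>"; the message may be empty.
ENTRY = re.compile(r"^\d{2} \w{3} \d{4} \d{2}:\d{2}:\d{2} -\s*(?P<msg>.*)$")
DETECTION = re.compile(
    r'^File (?P<path>.+?) infected by "(?P<name>[^"]+)" Virus! '
    r"Action Taken: (?P<action>.+?)\.?$"
)
SERVICE = re.compile(
    r"^ERROR\(2\)!!! Invalid Entry (?P<image>.+?)\. "
    r"Action Taken: Removing (?P<key>HKLM\\.+?)\.?$"
)
SKIPPED = re.compile(r"^(?P<path>.+?) not Scanned\.")
TOTAL = re.compile(r"^Total (?P<label>[A-Za-z ]+): (?P<value>\d+)$")


def bucket(path):
    """Group a detection by where it sits on disk (drive + top-level folder)."""
    parts = path.split("\\")
    in_svi = len(parts) > 2 and parts[1].lower() == "system volume information"
    if in_svi and parts[2].lower().startswith("_restore"):
        return "System Restore"  # copies kept inside restore points
    return "\\".join(parts[:2])


def parse_mwav(text):
    """Parse MWAV log text into detections, removed services, skips, totals."""
    report = {"detections": [], "services_removed": [], "skipped": [], "totals": {}}
    for raw in text.splitlines():
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue  # blank lines and anything without a timestamp prefix
        msg = entry.group("msg").strip()

        m = DETECTION.match(msg)
        if m:
            report["detections"].append(m.groupdict())
            continue
        m = SERVICE.match(msg)
        if m:
            image = m.group("image")
            report["services_removed"].append({
                "image": image,
                "key": m.group("key"),
                # Assumption of this example: a driver image path under a
                # Temp directory deserves a second look during review.
                "image_in_temp": "\\temp\\" in image.lower(),
            })
            continue
        m = SKIPPED.match(msg)
        if m:
            report["skipped"].append(m.group("path"))
            continue
        m = TOTAL.match(msg)
        if m:
            report["totals"][m.group("label")] = int(m.group("value"))
    return report


def by_location(report):
    """Count detections per location bucket."""
    return dict(Counter(bucket(d["path"]) for d in report["detections"]))


if __name__ == "__main__":
    rep = parse_mwav(SAMPLE_LOG)
    for loc, count in sorted(by_location(rep).items()):
        print(f"{count} detection(s) under {loc}")
    for svc in rep["services_removed"]:
        flag = " [image in Temp]" if svc["image_in_temp"] else ""
        print(f"service key removed: {svc['key']}{flag}")
    print("totals:", rep["totals"])
```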

#15 Necroxia

Necroxia
  • Topic Starter

  • Members
  • 11 posts

Posted 04 August 2011 - 12:22 AM

I think I'm going to just wipe the hard drive and reinstall Windows.



