Generic Host Process for Win32 and more

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by VJPholwanna, Aug 9, 2010.

  1. VJPholwanna

    VJPholwanna Private E-2

    I get the Win32 error and I think my Google bar keeps opening random web pages. I'm running scans now, I'll post logs up when they finish.

    I've tried installing the packs Windows gave, but it just says I have the newest version and won't install anyways, and I've tried all the stuff in similar threads before, but sorry if I missed anything.
     
  2. VJPholwanna

    VJPholwanna Private E-2

    Avira AntiVir Personal
    Report file date: Monday, August 09, 2010 01:55

    Scanning for 2690356 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available:

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows XP
    Windows version : (Service Pack 3) [5.1.2600]
    Boot mode : Normally booted
    Username : Admin
    Computer name : COMPUTERNAME

    Version information:

    Configuration settings for the scan:
    Jobname.............................: Local Drives
    Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\alldrives.avp
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:, A:, F:, G:,
    Process scan........................: on
    Scan registry.......................: on
    Search for rootkits.................: off
    Integrity checking of system files..: off
    Scan all files......................: Intelligent file selection
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium

    Start of the scan: Monday, August 09, 2010 01:55

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
    Scan process 'hprblog.exe' - '1' Module(s) have been scanned
    Scan process 'openvpntray.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'hpqSTE08.exe' - '1' Module(s) have been scanned
    Scan process 'Sidebar.exe' - '1' Module(s) have been scanned
    Scan process 'hpqimzone.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
    Scan process 'mdm.exe' - '1' Module(s) have been scanned
    Scan process 'jqs.exe' - '1' Module(s) have been scanned
    Scan process 'hsswd.exe' - '1' Module(s) have been scanned
    Scan process 'hsssrv.exe' - '1' Module(s) have been scanned
    Scan process 'KHALMNPR.EXE' - '1' Module(s) have been scanned
    Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
    Scan process 'openvpnas.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'avshadow.exe' - '1' Module(s) have been scanned
    Scan process 'sidebar.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'SetPoint.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'winampa.exe' - '1' Module(s) have been scanned
    Scan process 'Acrotray.exe' - '1' Module(s) have been scanned
    Scan process 'StxMenuMgr.exe' - '1' Module(s) have been scanned
    Scan process 'HPWuSchd2.exe' - '1' Module(s) have been scanned
    Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
    Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
    Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
    Scan process 'FreeAgentService.exe' - '1' Module(s) have been scanned
    Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'A:\'
    [INFO] In the drive 'A:\' no data medium is inserted!

    Starting to scan executable files (registry).
    The registry was scanned ( '473' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\15\6563480f-241e957d
    [0] Archive type: ZIP
    [DETECTION] Contains recognition pattern of the JAVA/Agent.M.2 Java virus
    --> dev/s/DyesyasZ.class
    [DETECTION] Contains recognition pattern of the JAVA/Agent.M.2 Java virus
    --> dev/s/LoaderX.class
    [DETECTION] Contains recognition pattern of the JAVA/Agent.M.1 Java virus
    C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\6\5420cf06-1aed09b3
    [0] Archive type: ZIP
    [DETECTION] Contains recognition pattern of the JAVA/Agent.S Java virus
    --> dev/s/AdgredY.class
    [DETECTION] Contains recognition pattern of the JAVA/Agent.S Java virus
    --> dev/s/DyesyasZ.class
    [DETECTION] Contains recognition pattern of the JAVA/Agent.R Java virus
    --> dev/s/LoaderX.class
    [DETECTION] Contains recognition pattern of the JAVA/Agent.M.1 Java virus
    C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\8\5ea66c8-2f94bf5c
    [0] Archive type: ZIP
    [DETECTION] Contains recognition pattern of the JAVA/Agent.M.2 Java virus
    --> dev/s/DyesyasZ.class
    [DETECTION] Contains recognition pattern of the JAVA/Agent.M.2 Java virus
    --> dev/s/LoaderX.class
    [DETECTION] Contains recognition pattern of the JAVA/Agent.M.1 Java virus
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\3\4e84bf83-651aba09
    [0] Archive type: ZIP
    [DETECTION] Contains recognition pattern of the JAVA/Agent.J Java virus
    --> gogol/Familie.class
    [DETECTION] Contains recognition pattern of the JAVA/Agent.J Java virus
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\30\6b1f919e-5d8deb58
    [0] Archive type: ZIP
    [DETECTION] Contains recognition pattern of the JAVA/Agent.W Java virus
    --> sunny/Changes.class
    [DETECTION] Contains recognition pattern of the JAVA/Agent.W Java virus
    --> sunny/MyFiles.class
    [DETECTION] Contains recognition pattern of the JAVA/Agent.U Java virus
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\44\34db286c-179794c1
    [0] Archive type: ZIP
    [DETECTION] Contains recognition pattern of the JAVA/ClassLoader.AO Java virus
    --> Is.class
    [DETECTION] Contains recognition pattern of the JAVA/ClassLoader.AO Java virus
    --> MyName.class
    [DETECTION] Contains recognition pattern of the JAVA/ClassLoader.AN Java virus
    --> Phone.class
    [DETECTION] Contains recognition pattern of the JAVA/ClassLoader.AP Java virus
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\62\68ffb53e-6e9b87c1
    [0] Archive type: ZIP
    [DETECTION] Contains recognition pattern of the JAVA/Agent.FG Java virus
    --> F.class
    [DETECTION] Contains recognition pattern of the JAVA/Agent.FG Java virus
    --> Google.class
    [DETECTION] Contains recognition pattern of the JAVA/Agent.FF Java virus
    C:\WINDOWS\Temp\jar_cache7919246657314430114.tmp
    [0] Archive type: ZIP
    [DETECTION] Contains recognition pattern of the JAVA/ClassLoader.N Java virus
    --> quote/Mailvue.class
    [DETECTION] Contains recognition pattern of the JAVA/ClassLoader.N Java virus
    --> quote/Skypeqd.class
    [DETECTION] Contains recognition pattern of the JAVA/ClassLoader.S Java virus
    --> quote/Twitters.class
    [DETECTION] Contains recognition pattern of the JAVA/ClassLoader.T Java virus
    Begin scan in 'A:\'
    Search path A:\ could not be opened!
    System error [21]: The device is not ready.
    Begin scan in 'F:\'
    Search path F:\ could not be opened!
    System error [21]: The device is not ready.
    Begin scan in 'G:\'
    Search path G:\ could not be opened!
    System error [21]: The device is not ready.

    Beginning disinfection:
    C:\WINDOWS\Temp\jar_cache7919246657314430114.tmp
    [DETECTION] Contains recognition pattern of the JAVA/ClassLoader.T Java virus
    [NOTE] The file was deleted!
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\62\68ffb53e-6e9b87c1
    [DETECTION] Contains recognition pattern of the JAVA/Agent.FF Java virus
    [NOTE] The file was deleted!
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\44\34db286c-179794c1
    [DETECTION] Contains recognition pattern of the JAVA/ClassLoader.AP Java virus
    [NOTE] The file was deleted!
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\30\6b1f919e-5d8deb58
    [DETECTION] Contains recognition pattern of the JAVA/Agent.U Java virus
    [NOTE] The file was deleted!
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\3\4e84bf83-651aba09
    [DETECTION] Contains recognition pattern of the JAVA/Agent.J Java virus
    [NOTE] The file was deleted!
    C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\8\5ea66c8-2f94bf5c
    [DETECTION] Contains recognition pattern of the JAVA/Agent.M.1 Java virus
    [NOTE] The file was deleted!
    C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\6\5420cf06-1aed09b3
    [DETECTION] Contains recognition pattern of the JAVA/Agent.M.1 Java virus
    [NOTE] The file was deleted!
    C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\15\6563480f-241e957d
    [DETECTION] Contains recognition pattern of the JAVA/Agent.M.1 Java virus
    [NOTE] The file was deleted!


    End of the scan: Monday, August 09, 2010 02:49
    Used time: 52:56 Minute(s)

    The scan has been done completely.

    8998 Scanned directories
    331864 Files were scanned
    18 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    8 files were deleted
    0 Viruses and unwanted programs were repaired
    0 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    331846 Files not concerned
    2245 Archives were scanned
    0 Warnings
    8 Notes
     
  3. VJPholwanna

    VJPholwanna Private E-2

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4409

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    8/9/2010 3:22:37 AM
    mbam-log-2010-08-09 (03-22-37).txt

    Scan type: Quick scan
    Objects scanned: 147964
    Time elapsed: 19 minute(s), 36 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  4. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    You missed a lot ;) All you have done so far is posted an inline mbam log. And an unrequested AV scan log. We ask for logs to be ATTACHED :)

    I also need to see attached logs from running:
    • RootRepeal (if you were able to run it)
    • SUPERantispyware
    • Combofix
    • MGlogs.zip <--- combofix.txt will be inside of here as long as you ran it.
     
