Results of system analysis

LSP settings checked. No errors detected

127.0.0.1       localhost

::1             localhost

AVZ Antiviral Toolkit log; AVZ version is 4.30
Scanning started at 20/06/2009 7:42:12 PM
Database loaded: signatures - 228068, NN profile(s) - 2, microprograms of healing - 56, signature database released 18.06.2009 19:50
Heuristic microprograms loaded: 372
SPV microprograms loaded: 9
Digital signatures of system files loaded: 123500
Heuristic analyzer mode: Medium heuristics level
Healing mode: enabled
Windows version: 6.0.6001, Service Pack 1 ; AVZ is launched with administrator rights
System Restore: enabled
1. Searching for Rootkits and programs intercepting API functions
1.1 Searching for user-mode API hooks
 Analysis: kernel32.dll, export table found in section .text
 Analysis: ntdll.dll, export table found in section .text
 Analysis: user32.dll, export table found in section .text
 Analysis: advapi32.dll, export table found in section .text
 Analysis: ws2_32.dll, export table found in section .text
 Analysis: wininet.dll, export table found in section .text
 Analysis: rasapi32.dll, export table found in section .text
 Analysis: urlmon.dll, export table found in section .text
 Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
 Error loading driver - checking interrupted [C0000061]
 >>>> Process masking detected 7836 ?
 >>>> Process masking detected 15872 ?
 >>>> Process masking detected 16376 ?
 >>>> Process masking detected 58716 ?
 >>>> Process masking detected 13612 ?
 >>>> Process masking detected 28588 ?
 >>>> Process masking detected 29032 ?
1.4 Searching for masking processes and drivers
 Checking not performed: extended monitoring driver (AVZPM) is not installed
 Error loading driver - checking interrupted [C0000061]
2. Scanning memory
 Number of processes found: 31
 Number of modules loaded: 364
Scanning memory - complete
3. Scanning disks
>>>To delete the file C:\Program Files\AskTBar\bar\1.bin\A5POPSWT.DLL reboot is required
C:\Program Files\AskTBar\bar\1.bin\A5POPSWT.DLL >>>>> AdvWare.Win32.MyWebSearch.az  error deleting 
>>>To delete the file C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL reboot is required
C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL >>>>> AdvWare.Win32.MyWebSearch.az  error deleting 
File quarantined succesfully (C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll)
>>>To delete the file C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll reboot is required
C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll >>>>> AdvWare.Win32.MegaSearch.aj  error deleting 
C:\Users\Tim Jeffrey\AppData\Local\Temp\NERO14399\Toolbar.exe >>>>> AdvWare.Win32.MyWebSearch.bm  deleted successfully
Removing traces of deleted files...
4. Checking  Winsock Layered Service Provider (SPI/LSP)
 LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
Note: Do NOT delete suspicious files, send them for analysis  (see FAQ for more details),  because there are lots of useful hooking DLLs
6. Searching for opened TCP/UDP ports used by malicious programs
 Checking disabled by user
7. Heuristic system check
Latent loading of libraries through AppInit_DLLs suspected: "avgrsstx.dll"
>>> Suspicion on trojan DNS ({050CF13D-2D79-424F-8089-FD54410769AE} "Wireless Network Connection")
>>> Suspicion on trojan DNS ({492211E2-4A92-42FD-9B91-FBB1E7B0ACDF} "Local Area Connection")
Checking - complete
8. Searching for vulnerabilities
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
 >>  HDD autorun are allowed
 >>  Autorun from network drives are allowed
 >>  Removable media autorun are allowed
Checking - complete
Files scanned: 63495, extracted from archives: 35903, malicious software found 4, suspicions - 0
Scanning finished at 20/06/2009 8:02:59 PM
Attention !!! Reboot is required to complete healing 
Time of scanning: 00:20:51
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address http://virusinfo.info conference
Creating archive of files from Quarantine
Creating archive of files from Quarantine - complete
System Analysis in progress


Script commands
 
Add commands to script:
Blocking hooks using Anti-Rootkit
Enable AVZGuard
BootCleaner - import list of deleted files
Registry cleanup after deleting files
BootCleaner - activate
Reboot
Insert template for QuarantineFile() - quarantining file
Insert template for BC_QrFile() - quarantining file via BootCleaner
Insert template for DeleteFile() - deleting file
Insert template for DelCLSID() - deleting CLSID item from registry
Additional operations:
Security tweaking: disable CD autorun
Security tweaking: disable administrative shares
Security tweaking: disable anonymous user access
Security: disable sending Remote Assistant queries

File list