Welcome to MalwareRemoval.com, What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.
MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Avira AntiVir Personal Report file date: Thursday, May 14, 2009 19:38
Scanning for 1394607 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: ROSEMARY
Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, D:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium
Start of the scan: Thursday, May 14, 2009 19:38
The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned Scan process 'NOTEPAD.EXE' - '1' Module(s) have been scanned Scan process 'SystemLook.exe' - '1' Module(s) have been scanned Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned Scan process 'kbd.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'firefox.exe' - '1' Module(s) have been scanned Scan process 'hpqste08.exe' - '1' Module(s) have been scanned Scan process 'DiscStreamHub.exe' - '1' Module(s) have been scanned Scan process 'iPodService.exe' - '1' Module(s) have been scanned Scan process 'Updates from HP.exe' - '1' Module(s) have been scanned Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned Scan process 'reader_sl.exe' - '1' Module(s) have been scanned Scan process 'ehmsas.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'DISCover.exe' - '1' Module(s) have been scanned Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned Scan process 'qttask.exe' - '1' Module(s) have been scanned Scan process 'hpgs2wnf.exe' - '1' Module(s) have been scanned Scan process 'dllhost.exe' - '1' Module(s) have been scanned Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned Scan process 'hpgs2wnd.exe' - '1' Module(s) have been scanned Scan process 'DMAScheduler.exe' - '1' Module(s) have been scanned Scan process 'arpwrmsg.exe' - '1' Module(s) have been scanned Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned Scan process 'ehtray.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'ZuneNss.exe' - '1' Module(s) have been scanned Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned Scan process 'WUSB54GC.exe' - '1' Module(s) have been scanned Scan process 'WLService.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned Scan process 'jqs.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ehSched.exe' - '1' Module(s) have been scanned Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned Scan process 'arservice.exe' - '1' Module(s) have been scanned Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 63 processes with 63 modules were scanned
Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Master boot sector HD1 [INFO] No virus was found! [WARNING] System error [21]: The device is not ready. Master boot sector HD2 [INFO] No virus was found! [WARNING] System error [21]: The device is not ready. Master boot sector HD3 [INFO] No virus was found! [WARNING] System error [21]: The device is not ready. Master boot sector HD4 [INFO] No virus was found! [WARNING] System error [21]: The device is not ready.
Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Boot sector 'D:\' [INFO] No virus was found!
Starting to scan the registry. The registry was scanned ( '75' files ).
Starting the file scan:
Begin scan in 'C:\' <HP_PAVILION> C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! C:\a18cfade43a197deb0f5\update\update.exe [WARNING] The file could not be opened! C:\a18cfade43a197deb0f5\update\wpdinstallutil.dll [WARNING] The file could not be opened! C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent21.zip [DETECTION] Contains suspicious code GEN/PwdZIP [NOTE] The detection was classified as suspicious. [WARNING] The file was ignored! C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent51.zip [DETECTION] Contains suspicious code GEN/PwdZIP [NOTE] The detection was classified as suspicious. [WARNING] The file was ignored! C:\Documents and Settings\HP_Administrator\Desktop\Old Documents\Documents and Settings\Administrator\Desktop\Desktop Documents\Temporary Document.doc [0] Archive type: CAB (Microsoft) --> tdc.ocx [WARNING] No further files can be extracted from this archive. The archive will be closed C:\Program Files\WildTangent\Apps\My HP Game Console\Uninstall.exe [DETECTION] Contains recognition pattern of the DR/Zlob.Gen dropper [WARNING] The file was ignored! C:\Qoobox\Quarantine\C\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\ctfmon.exe.vir [DETECTION] Is the TR/VB.AQT Trojan [WARNING] The file was ignored! C:\Qoobox\Quarantine\C\Recycled\Recycled\ctfmon.exe.vir [DETECTION] Is the TR/VB.AQT Trojan [WARNING] The file was ignored! C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\$sys$cor.sys.vir [DETECTION] Contains recognition pattern of the RKIT/Rootkit.XCP.8 root kit [WARNING] The file was ignored! C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP540\A0060251.inf [DETECTION] Contains recognition pattern of the WORM/VB.FI.9 worm [WARNING] The file was ignored! C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP540\A0060252.exe [DETECTION] Is the TR/VB.AQT Trojan [WARNING] The file was ignored! C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP540\A0060256.exe [DETECTION] Is the TR/VB.AQT Trojan [WARNING] The file was ignored! C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP542\A0060480.sys [DETECTION] Contains recognition pattern of the RKIT/Rootkit.XCP.8 root kit [WARNING] The file was ignored! C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP551\A0061253.dll [DETECTION] Contains recognition pattern of the RKIT/Rootkit.XCP.2 root kit [WARNING] The file was ignored! C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP551\A0061254.exe [DETECTION] Contains recognition pattern of the RKIT/Rootkit.XCP.3 root kit [WARNING] The file was ignored! C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP553\A0061295.exe [DETECTION] Contains recognition pattern of the RKIT/Rootkit.XCP.3 root kit [WARNING] The file was ignored! C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP555\A0061394.dll [DETECTION] Contains recognition pattern of the RKIT/Rootkit.XCP.2 root kit [WARNING] The file was ignored! C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP555\A0061395.sys [DETECTION] Contains recognition pattern of the RKIT/Rootkit.XCP.B.4 root kit [WARNING] The file was ignored! C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP555\A0061396.sys [DETECTION] Contains recognition pattern of the RKIT/Rootkit.XCP.7 root kit [WARNING] The file was ignored! C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP555\A0061397.exe [DETECTION] Contains recognition pattern of the RKIT/Rootkit.XCP.5 root kit [WARNING] The file was ignored! C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP555\A0061398.exe [DETECTION] Contains recognition pattern of the RKIT/Rootkit.XCP.1 root kit [WARNING] The file was ignored! C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP555\A0061399.exe [DETECTION] Contains recognition pattern of the RKIT/Rootkit.XCP.3 root kit [WARNING] The file was ignored! Begin scan in 'D:\' <HP_RECOVERY> D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP540\A0060253.inf [DETECTION] Is the TR/VB.aqt.58 Trojan [WARNING] The file was ignored! D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP549\A0060889.exe [DETECTION] Is the TR/VB.AQT Trojan [WARNING] The file was ignored!
End of the scan: Thursday, May 14, 2009 20:40 Used time: 1:02:08 Hour(s)
The scan has been done completely.
11569 Scanning directories 578949 Files were scanned 19 viruses and/or unwanted programs were found 2 Files were classified as suspicious: 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 4 Files cannot be scanned 578924 Files not concerned 16573 Archives were scanned 30 Warnings 2 Notes
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.
Clear Infected System Restore Points
Turn System Restore off
On the Desktop, right click on the My Computer icon.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK. Restart your computer
Turn System Restore on
On the Desktop, right click on the My Computer icon.
Click Properties.
Click the System Restore tab.
Uncheck *Turn off System Restore*.
Click Apply, and then click OK.
Note: only do this once,and not on a regular basis
Users browsing this forum: No registered users and 439 guests
Contact us:
Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.