Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

I have 11 detections by antivir...

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

I have 11 detections by antivir...

Unread postby wisdomizlife » April 9th, 2010, 11:12 pm

for some odd reason... I came to my mothers house and find out my little brothers comp is in pretty bad shape.. The secutiry center is disabled.. I can't enable it.. Antivir was off the computer completely.. I put it back on.. after some internet security suite kept telling me to install it.. I ran it, and it found 11 detections.. I am including three logs.. The hjt, uninstall list, and the avira log.. thanks for any help you guys can provide.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:13 PM, on 4/9/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\Joshua\Documents\programs\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Joshua\Documents\programs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml ... oUmO6mdxKQ
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FAIESSO Helper Object - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
O4 - HKLM\..\Run: [PCMService] "C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Users\Joshua\Documents\programs\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SightSpeed] "C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe" -bootmode
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ojpbkmpx] C:\Users\Joshua\AppData\Local\jdhkfvkxc\osogguftssd.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; WOW64; Trident/4.0; FunWebProducts; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; .NET CLR 3.5.30729; .NET CLR 3.0.30618; OfficeLiveConnector.1.4; OfficeLivePatch.0.0)" -"http://www.shockwave.com/gamelanding/driftnburn365.jsp"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Recorte de pantalla e Inicio rápido de OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZUman000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_a2af78c4\AESTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Users\Joshua\Documents\programs\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Users\Joshua\Documents\programs\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: FAService - Sensible Vision - C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_a2af78c4\STacSV64.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11067 bytes









uninstall list

Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
Adobe Shockwave Player 11.5
Advanced Audio FX Engine
Avira AntiVir Personal - Free Antivirus
Browser Address Error Redirector
Browser Address Error Redirector
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Dell Getting Started Guide
Dell Video Chat (remove only)
Dell Webcam Central
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
EDocs
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Update
ITECIR
Java(TM) 6 Update 19
Junk Mail filter update
Live! Cam Avatar Creator
MediaDirect
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (Spanish) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel 2007 Help Actualización (KB963678)
Microsoft Office Excel MUI (Spanish) 2007
Microsoft Office Groove MUI (Spanish) 2007
Microsoft Office InfoPath MUI (Spanish) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (Spanish) 2007
Microsoft Office Outlook 2007 Help Actualización (KB963677)
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (Spanish) 2007
Microsoft Office Powerpoint 2007 Help Actualización (KB963669)
Microsoft Office PowerPoint MUI (Spanish) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (Basque) 2007
Microsoft Office Proof (Catalan) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Galician) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Spanish) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (Spanish) 2007
Microsoft Office Shared MUI (Spanish) 2007
Microsoft Office Word 2007 Help Actualización (KB963665)
Microsoft Office Word MUI (Spanish) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox (3.5.9)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Web Search (My Fun Cards)
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB977724)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Word 2007 (KB974561)
Update for Outlook 2007 Junk Email Filter (kb979895)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Wizard101





Avira scan.





Avira AntiVir Personal
Report file date: Friday, April 09, 2010 21:26

Scanning for 1987196 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista x64
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Normally booted
Username : Joshua
Computer name : HOLLOW-PC

Version information:
BUILD.DAT : 10.0.0.561 32098 Bytes 3/18/2010 15:46:00
AVSCAN.EXE : 10.0.2.3 433832 Bytes 3/7/2010 21:57:10
AVSCAN.DLL : 10.0.2.2 45928 Bytes 3/2/2010 16:48:47
LUKE.DLL : 10.0.2.3 104296 Bytes 3/7/2010 22:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 03:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 13:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 23:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 21:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 20:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 15:29:03
VBASE005.VDF : 7.10.4.204 2048 Bytes 3/5/2010 15:29:03
VBASE006.VDF : 7.10.4.205 2048 Bytes 3/5/2010 15:29:03
VBASE007.VDF : 7.10.4.206 2048 Bytes 3/5/2010 15:29:03
VBASE008.VDF : 7.10.4.207 2048 Bytes 3/5/2010 15:29:03
VBASE009.VDF : 7.10.4.208 2048 Bytes 3/5/2010 15:29:03
VBASE010.VDF : 7.10.4.209 2048 Bytes 3/5/2010 15:29:03
VBASE011.VDF : 7.10.4.210 2048 Bytes 3/5/2010 15:29:03
VBASE012.VDF : 7.10.4.211 2048 Bytes 3/5/2010 15:29:03
VBASE013.VDF : 7.10.4.242 153088 Bytes 3/8/2010 19:43:21
VBASE014.VDF : 7.10.5.17 99328 Bytes 3/10/2010 19:24:21
VBASE015.VDF : 7.10.5.44 107008 Bytes 3/11/2010 21:41:40
VBASE016.VDF : 7.10.5.69 92672 Bytes 3/12/2010 13:25:53
VBASE017.VDF : 7.10.5.91 119808 Bytes 3/15/2010 13:39:58
VBASE018.VDF : 7.10.5.121 112640 Bytes 3/18/2010 17:01:24
VBASE019.VDF : 7.10.5.138 139776 Bytes 3/18/2010 01:14:29
VBASE020.VDF : 7.10.5.164 113152 Bytes 3/22/2010 01:14:29
VBASE021.VDF : 7.10.5.182 108032 Bytes 3/23/2010 01:14:30
VBASE022.VDF : 7.10.5.199 123904 Bytes 3/24/2010 01:14:30
VBASE023.VDF : 7.10.5.217 279552 Bytes 3/25/2010 01:14:31
VBASE024.VDF : 7.10.5.234 202240 Bytes 3/26/2010 01:14:32
VBASE025.VDF : 7.10.5.254 187904 Bytes 3/30/2010 01:14:33
VBASE026.VDF : 7.10.6.18 130560 Bytes 4/1/2010 01:14:33
VBASE027.VDF : 7.10.6.34 136192 Bytes 4/6/2010 01:14:34
VBASE028.VDF : 7.10.6.44 232448 Bytes 4/7/2010 01:14:34
VBASE029.VDF : 7.10.6.45 2048 Bytes 4/7/2010 01:14:35
VBASE030.VDF : 7.10.6.46 2048 Bytes 4/7/2010 01:14:35
VBASE031.VDF : 7.10.6.55 101376 Bytes 4/9/2010 01:14:36
Engineversion : 8.2.1.210
AEVDF.DLL : 8.1.1.3 106868 Bytes 2/13/2010 16:16:21
AESCRIPT.DLL : 8.1.3.24 1282425 Bytes 4/10/2010 01:14:45
AESCN.DLL : 8.1.5.0 127347 Bytes 2/25/2010 22:38:41
AESBX.DLL : 8.1.2.1 254323 Bytes 3/17/2010 15:09:47
AERDL.DLL : 8.1.4.3 541043 Bytes 3/17/2010 15:09:47
AEPACK.DLL : 8.2.1.1 426358 Bytes 4/10/2010 01:14:43
AEOFFICE.DLL : 8.1.0.41 201083 Bytes 3/17/2010 15:09:46
AEHEUR.DLL : 8.1.1.16 2503031 Bytes 4/10/2010 01:14:43
AEHELP.DLL : 8.1.11.3 242039 Bytes 4/10/2010 01:14:39
AEGEN.DLL : 8.1.3.6 373108 Bytes 4/10/2010 01:14:38
AEEMU.DLL : 8.1.1.0 393587 Bytes 11/10/2009 13:04:22
AECORE.DLL : 8.1.13.1 188790 Bytes 4/10/2010 01:14:37
AEBB.DLL : 8.1.0.3 53618 Bytes 9/10/2009 16:15:06
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 16:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 16:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 20:47:40
AVREG.DLL : 10.0.1.2 52072 Bytes 1/29/2010 15:47:41
AVSCPLR.DLL : 10.0.2.3 83304 Bytes 3/7/2010 22:02:30
AVARKT.DLL : 10.0.0.13 227176 Bytes 3/7/2010 21:48:41
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 13:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 16:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 19:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 18:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 17:10:20
RCTEXT.DLL : 10.0.46.0 97128 Bytes 3/5/2010 14:09:41

Configuration settings for the scan:
Jobname.............................: Scan for active malware
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\rootkit.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: high

Start of the scan: Friday, April 09, 2010 21:26

Starting search for hidden objects.
C:;
C:;
[NOTE] The registry entry is invisible.
C:\Program Files (x86)\AIM6\aim6.exe
C:\Program Files (x86)\AIM6\aim6.exe
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\CyberLink\Common\EvoParser\PowerCinema\4.0\autocheckperiod
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Global IP Solutions\VoiceEngine\aim6.exe\version
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Hewlett-Packard\DigitalImaging\TrayApp\askexitquestion
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Hewlett-Packard\HPDJ Printing System Config\hp officejet J6400 series\hpdjenablestatusclient
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Malware Defense\settings_0
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Malware Defense\secstatus_3
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Malware Defense\secstatus_4
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Malware Defense\secstatus_5
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Malware Defense\fd
[NOTE] The registry entry is invisible.
C:\Windows\System32\shdocvw.dll,C:\Windows\System32\tcpmib.dll,C:\Windows\System32\WebClnt.dll,C:\Windows\System32\WPDSp.dll,C:\Windows\System32\Wbem\FunDisc.mof,C:\Windows\System32\Wbem\wpdsp.mof,C:\Windows\Installer\10ebdb5.msi,C:\Windows\Installer\7218f.msi,C:\Windows\Fonts\BOD_CB.TTF,C:\Windows\Fonts\dos737.fon,C:\Windows\Installer\10ebdaf.msi,C:\Windows\Installer\72188.msi,C:\Windows\Fonts\BOD_BLAR.TTF,C:\Windows\Fonts\dokchamp.ttf,C:\Windows\System32\sfc.exe,C:\Windows\System32\tcmsetup.exe,C:\Windows\System32\wdscore.dll,C:\Windows\System32\wpdshext.dll,C:\Windows\System32\Wbem\fdWSD.mof,C:\Windows\System32\Wbem\wpdmtp.mof,C:\Windows\Installer\10ebd9c.msi,C:\Windows\Installer\72175.msi,C:\Windows\Fonts\BOD_B.TTF,C:\Windows\Fonts\david.ttf,
C:\Windows\System32\shdocvw.dll,C:\Windows\System32\tcpmib.dll,C:\Windows\System32\WebClnt.dll,C:\Windows\System32\WPDSp.dll,C:\Windows\System32\Wbem\FunDisc.mof,C:\Windows\System32\Wbem\wpdsp.mof,C:\Windows\Installer\10ebdb5.msi,C:\Windows\Installer\7218f.msi,C:\Windows\Fonts\BOD_CB.TTF,C:\Windows\Fonts\dos737.fon,C:\Windows\Installer\10ebdaf.msi,C:\Windows\Installer\72188.msi,C:\Windows\Fonts\BOD_BLAR.TTF,C:\Windows\Fonts\dokchamp.ttf,C:\Windows\System32\sfc.exe,C:\Windows\System32\tcmsetup.exe,C:\Window
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Malware Defense\lastscan
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Malware Defense\infected
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Malware Defense\secstatus_1
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\fdwsupport
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\cformattags
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\aformattagcache
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\cfiltertags
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\fdwsupport
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\cformattags
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\aformattagcache
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\cfiltertags
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\fdwsupport
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\cformattags
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\aformattagcache
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\cfiltertags
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\fdwsupport
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\cformattags
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\aformattagcache
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\cfiltertags
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\fdwsupport
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\cformattags
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\aformattagcache
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\cfiltertags
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.siren\fdwsupport
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.siren\cformattags
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.siren\aformattagcache
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.siren\cfiltertags
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Direct3D\MostRecentApplication\name
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\last
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Jet\3.5\Engines\Jet\usercommitsync
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Works\9.0\Calendar\cursize
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Works\9.0\Calendar\lastcompactsize
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Works\9.0\MS Works DB\version
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Works\9.0\MS Works DB\version
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\TrendMicro\HijackThis\languagefile
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\TrendMicro\HijackThis\showintroframe
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\TrendMicro\HijackThis\winheight
[NOTE] The registry entry is invisible.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\TrendMicro\HijackThis\winwidth
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{00020D75-0000-0000-C000-000000000046}\ShellFolder\attributes
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0A4286EA-E355-44FB-8086-AF3DF7645BD9}\localizedstring
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0A4286EA-E355-44FB-8086-AF3DF7645BD9}\localizedstring
C:\Windows\system32\unregmp2.exe /ShowWMP
C:\Windows\system32\unregmp2.exe /ShowWMP
[NOTE] The registry entry is invisible.
C:\Program Files\Windows Media Player
C:\Program Files\Windows Media Player
[NOTE] The registry entry is invisible.
C:\Program Files\Windows Media Player
C:\Windows\system32\wbem\Logs\WMITracing.log
C:\Windows\system32\wbem\Logs\WMITracing.log
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\Flyout\381b4222-f694-41f0-9685-ff5bb260df2e
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\Flyout\8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray\BattMeter\Flyout\a1841308-3541-4fab-bc81-f71556f20b4a
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\paths
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\symboliclinkvalue
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\dokchampa (truetype)
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\impact (truetype
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\calibri (truetype
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\consolas (truetype
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\constantia (truetype
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\corbel (truetype
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Fonts\palatino linotype (truetype
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'avscan.exe' - '71' Module(s) have been scanned
Scan process 'avcenter.exe' - '102' Module(s) have been scanned
Scan process 'NOTEPAD.EXE' - '22' Module(s) have been scanned
Scan process 'firefox.exe' - '138' Module(s) have been scanned
Scan process 'avgnt.exe' - '64' Module(s) have been scanned
Scan process 'sched.exe' - '55' Module(s) have been scanned
Scan process 'avguard.exe' - '64' Module(s) have been scanned
Scan process 'hpqgpc01.exe' - '28' Module(s) have been scanned
Scan process 'hpqbam08.exe' - '25' Module(s) have been scanned
Scan process 'hpqSTE08.exe' - '61' Module(s) have been scanned
Scan process 'jusched.exe' - '22' Module(s) have been scanned
Scan process 'FATrayAlert.exe' - '48' Module(s) have been scanned
Scan process 'MWSOEMON.EXE' - '19' Module(s) have been scanned
Scan process 'M3SRCHMN.EXE' - '14' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '16' Module(s) have been scanned
Scan process 'PCMService.exe' - '56' Module(s) have been scanned
Scan process 'FATrayMon.exe' - '16' Module(s) have been scanned
Scan process 'mwssvc.exe' - '15' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'FAService.exe' - '70' Module(s) have been scanned
Scan process 'DockLogin.exe' - '22' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '218' files ).


Starting the file scan:

Begin scan in 'C:' <OS>
C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_HotbarSA.dll
[DETECTION] Contains recognition pattern of the ADSPY/Hotbar.A.38 adware or spyware
C:\Users\Joshua\AppData\Local\av.exe
[DETECTION] Is the TR/FakeRean.A.56 Trojan
C:\Users\Joshua\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q6UFUWGC\n008106201318r0409J0f000601Rddd790f1Wd3f8311fX94715bb4Ydfc909e5Z0100f0800[1]
[DETECTION] Is the TR/Fake.AVSuite.A Trojan
C:\Users\Joshua\AppData\Local\Temp\H8SRT2387.tmp
[DETECTION] Is the TR/PCK.Tdss.AA.4012 Trojan
C:\Users\Joshua\AppData\Local\Temp\jar_cache131906760114809748.tmp
[0] Archive type: ZIP
[DETECTION] Is the TR/Dldr.Java.Agent.AH Trojan
--> AppletPanel.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH Trojan
--> Main.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH.1 Trojan
C:\Users\Joshua\AppData\Local\Temp\jar_cache1516107575172151262.tmp
[0] Archive type: ZIP
[DETECTION] Is the TR/Dldr.Java.Agent.AH Trojan
--> AppletPanel.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH Trojan
--> Main.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH.1 Trojan
C:\Users\Joshua\AppData\Local\Temp\jar_cache6364842040819007552.tmp
[0] Archive type: ZIP
[DETECTION] Is the TR/Dldr.Java.Agent.AH Trojan
--> AppletPanel.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH Trojan
--> Main.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH.1 Trojan
C:\Users\Joshua\AppData\Local\Temp\tdLB.exe
[DETECTION] Is the TR/Fake.AVSuite.A Trojan

Beginning disinfection:
C:\Users\Joshua\AppData\Local\Temp\tdLB.exe
[DETECTION] Is the TR/Fake.AVSuite.A Trojan
[NOTE] The file was moved to the quarantine directory under the name '48e24262.qua'.
C:\Users\Joshua\AppData\Local\Temp\jar_cache6364842040819007552.tmp
[DETECTION] Is the TR/Dldr.Java.Agent.AH.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '504f6dca.qua'.
C:\Users\Joshua\AppData\Local\Temp\jar_cache1516107575172151262.tmp
[DETECTION] Is the TR/Dldr.Java.Agent.AH.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '02103722.qua'.
C:\Users\Joshua\AppData\Local\Temp\jar_cache131906760114809748.tmp
[DETECTION] Is the TR/Dldr.Java.Agent.AH.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '642778e0.qua'.
C:\Users\Joshua\AppData\Local\Temp\H8SRT2387.tmp
[DETECTION] Is the TR/PCK.Tdss.AA.4012 Trojan
[NOTE] The file was moved to the quarantine directory under the name '21805585.qua'.
C:\Users\Joshua\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q6UFUWGC\n008106201318r0409J0f000601Rddd790f1Wd3f8311fX94715bb4Ydfc909e5Z0100f0800[1]
[DETECTION] Is the TR/Fake.AVSuite.A Trojan
[NOTE] The file was moved to the quarantine directory under the name '596667ec.qua'.
C:\Users\Joshua\AppData\Local\av.exe
[DETECTION] Is the TR/FakeRean.A.56 Trojan
[NOTE] The file was moved to the quarantine directory under the name '15dc4be8.qua'.
C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_HotbarSA.dll
[DETECTION] Contains recognition pattern of the ADSPY/Hotbar.A.38 adware or spyware
[NOTE] The file was moved to the quarantine directory under the name '6e0b0bb6.qua'.


End of the scan: Friday, April 09, 2010 22:45
Used time: 1:19:27 Hour(s)

The scan has been done completely.

28491 Scanned directories
310811 Files were scanned
11 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
8 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
310800 Files not concerned
1400 Archives were scanned
0 Warnings
8 Notes
825289 Objects were scanned with rootkit scan
69 Hidden objects were found

thanks again.
wisdomizlife
Active Member
 
Posts: 8
Joined: April 7th, 2010, 6:16 pm
Top
Advertisement
Register to Remove

Re: I have 11 detections by antivir...

Unread postby NonSuch » April 10th, 2010, 2:43 am

I see from your HJT log that you're using a 64 bit operating system.

Unfortunately, the tools we use to analyze and remove infections do not work properly on a 64 bit operating system, and their results cannot be relied upon. Because of this, it is almost impossible for us to correctly diagnose problems, and the fixes we might offer could potentially do as much damage to your computer as any infection you might have.

Due to the above stated reasons, we do not at this time offer support for 64 bit operating systems. We are sorry that we are currently unable to assist you.

This topic is now closed.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Top
Topic locked

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 609 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index