Malware Infection Help Needed

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Post by rjl001 » February 9th, 2011, 5:51 am

I have an Acer Aspire laptop that has been infected with malware. I am running Vista Home Basic, currently without any service packs because I was advised by a friend to try uninstalling them to try and solve a previous (now resolved) issue with network connectivity. I will reinstall them if I can get the malware removed first...

Initially I had somehow got a rogue AV program causing BSOD on normal start up, which I was only able to remove by running my antivirus from safe mode. The PC then seemed to work OK for a few days but now it is generally running extremely slowly. IE and Firefox are both getting hijacked (particularly on clicking links from Google searches), and occasionally I get new browsers popping up. Browser response time is very slow, i.e. when you click a link it sits with a blank page for a minute or two, then the page loads at almost normal speeds.

I usually run AVG which wasn't able to find any further infection but have uninstalled it because this is a low spec laptop and with the current slowness it is taking an absolute age to boot up with AVG installed, and I am having to reboot regularly because of the problems. I would appreciate any suggestions for less system intensive free AV software once we have got rid of this infection.

I have run both Malware Bytes Anti-malware, and Spybot Search and Destroy, both of which have found infections (trojan downloaders / spyware.zbot) but have not cured the problem.

Any help would be much appreciated as the computer is virtually useless currently.

Many thanks.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:48:14, on 09/02/2011
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\ZoneLabs\vsmon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
D:\Acer Arcade\Kernel\TV\CLCapSvc.exe
D:\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
D:\Acer Arcade\Kernel\TV\CLSched.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Rob\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Users\Rob\Desktop\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Program Files\heukxntb\pkjaindr.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKCU\..\Run: [CPN Notifier] C:\Program Files\Cake Poker 2.0\PokerNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3735332181-1676326161-1446212086-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'postgres')
O4 - HKUS\S-1-5-21-3735332181-1676326161-1446212086-1001\..\RunOnce: [AcerScrSav] C:\Windows\Acer\run_NB.exe (User 'postgres')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\office\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Rob\Desktop\PartyPoker.lnk
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Rob\Desktop\PartyPoker.lnk
O9 - Extra button: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk (HKCU)
O9 - Extra 'Tools' menuitem: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk (HKCU)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} (Image Uploader Control) - http://www.travelblog.org/Admin/PhotoUp ... oader6.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FDFAC167-FE15-4098-A638-676DD74D6562}: NameServer = 87.117.198.200 87.117.237.100
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: eNetHook.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - D:\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - D:\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - D:\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11267 bytes

Uninstall List
7-Zip 4.65
Acer Arcade
Acer eDataSecurity Management
Acer eLock Management
Acer Empowering Technology
Acer eNet Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer Mobility Center Plug-In
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.0
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AutoHotkey 1.0.48.05
AVG PC Tuneup 2011
Bonjour
bwin Poker (remove only)
Cake Poker 2.0
Coral Poker
Defraggler
DominateGame 20050929 (dominate)
Full Tilt Poker
gBurner
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
Holdem Manager
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Java(TM) 6 Update 18
K-Lite Mega Codec Pack 6.0.0
Launch Manager
LiveUpdate BVRP Software
Malwarebytes' Anti-Malware
Media Player Classic - Home Cinema v. 1.3.1249.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft LifeCam
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
mobile PhoneTools
Mozilla Firefox (3.6.8)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Native Instruments Service Center
NTI Backup NOW! 4.7
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
PartyPoker
PokerRoom Home Game Organizer
PokerStars
PokerStove version 1.23
PostgreSQL 8.3
PowerProducer 3.72
QuickTime
Realtek High Definition Audio Driver
Red Kings Poker (remove only)
Skype™ 5.0
SpeedFan (remove only)
TableNinja
Titan Poker
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VC 9.0 Runtime
WIDCOMM Bluetooth Software 6.0.1.4900
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Yahoo! Toolbar
ZoneAlarm
rjl001
Active Member
 
Posts: 5
Joined: February 9th, 2011, 5:20 am

Re: Malware Infection Help Needed

Post by askey127 » February 12th, 2011, 9:51 pm

Hi rjl001,
You have a completely unpatched version of Vista (no service packs), and no antivirus running.
This is a recipe for a major problem.
I don't know whether this laptop can be rescued without using the System Recovery (restoring it back to the exact state it was in when you bought it).
You do need to be thinking about getting copies of any critical documents and files off it.

If it has one of the new rootkits, attempting to fix it can sometimes go wrong, although I will do everything I can to try and prevent that.
-----------------------------------------------------------
Remove Registry items with HijackThis. Start HijackThis. (Right-click and "Run as administrator")
Click Do System Scan Only. When the Scan is complete, Check the following entries:
(Some of these lines may be missing)

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Program Files\heukxntb\pkjaindr.exe,

Make sure Every other window except HJT is closed (No other tabs showing in the bottom tray), and Click Fix Checked
Click the "X" in the upper right corner of the HiJackThis window to close it.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
-----------------------------------------------
Download Antivir Free
This program is free for personal, non-business use.
Download AntiVir Free from here : http://www.softpedia.com/get/Antivirus/AntiVir-Personal-Edition.shtml
Click the Download button. Then when the "Download Locations" page comes up, choose the first External Mirror (exe)
Save the Installer to your desktop, but don't run it yet. The installer file will be named avira_antivir_personal_en.exe
Double check to be sure you know where to find it.
-----------------------------------------------
Install Antivir
Right Click the Avira Antivir Installer you saved on your desktop, choose "Run as administrator", and let it Install Antivir.
-----------------------------------------------
Update and Scan with Antivir
Right click the red umbrella icon and choose Start Antivir.
When the window comes up click Start Update.
When the update is complete, click on Scan System Now.
This full scan could take an hour or more.
It will ask what to do with any item it finds.
IMPORTANT >> For Now, tell it to IGNORE any items it finds. Do not choose Quarantine or Delete.
-----------------------------------------------
Get Last Avira Report
Right click the red umbrella icon in the system tray and click Start Antivir
In the left pane, click Overview, then click Reports
There will be reports titled Update and reports titled Scan. Find the most recent report in the list titled Scan
Click on the Report File button, or Right click the report and choose Display Report.
The report contents will come up in Notepad. Highlight the entire report (Ctrl+A) and copy to the clipboard (Ctrl+C).
Paste the contents (Ctrl+V) into your next reply.

askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
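
The F2 line singled out in the reply above matters because Winlogon starts every comma-separated program listed in the Userinit value at logon, so anything after the stock userinit.exe runs each time a user signs in. As an added example (not part of the original posts and not part of HijackThis), the following Python script picks such entries, and BHO registrations whose file is missing, out of a saved HijackThis log. The function names are hypothetical; the sample lines are copied from the log posted earlier in this thread.

```python
import re
from typing import List, NamedTuple

# Excerpt of the HijackThis log posted in this thread (not the full log).
SAMPLE_LOG = r"""
Running processes:
C:\Windows\system32\winlogon.exe
C:\Users\Rob\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Program Files\heukxntb\pkjaindr.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O20 - AppInit_DLLs: eNetHook.dll
"""

# HijackThis entries look like "<code> - <body>", e.g. "F2 - REG:system.ini: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
USERINIT_RE = re.compile(r"userinit=(.*)$", re.IGNORECASE)

# Assumption: Windows is installed in C:\Windows, as in the posted log.
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"


class Finding(NamedTuple):
    code: str     # HijackThis section code, e.g. "F2"
    reason: str   # why the line deserves a closer look
    detail: str   # the path or entry body concerned


def userinit_extras(value: str) -> List[str]:
    """Return every program in a Userinit value other than userinit.exe.

    The value is a comma-separated list, usually with a trailing comma,
    so empty items are dropped before comparing.
    """
    parts = [p.strip().strip('"') for p in value.split(",")]
    return [p for p in parts if p and p.lower() != EXPECTED_USERINIT]


def triage(log_text: str) -> List[Finding]:
    """Scan a HijackThis log and collect lines that need manual review."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # process list, headers and blank lines
        code, body = match.groups()
        if code == "F2":
            value = USERINIT_RE.search(body)
            if value:
                for extra in userinit_extras(value.group(1)):
                    findings.append(
                        Finding("F2", "extra program in Userinit", extra))
        elif code == "O2" and body.endswith("(no file)"):
            # The registry still names a browser helper object,
            # but the DLL it points to is no longer on disk.
            findings.append(
                Finding("O2", "BHO registered but file missing", body))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.code}] {finding.reason}: {finding.detail}")
```

A finding here is a prompt for manual review of that line, not a verdict; the decision to fix an entry stays with whoever is reading the whole log.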

Re: Malware Infection Help Needed

Post by rjl001 » February 13th, 2011, 6:21 am

I was unable to update Antivir. It is a bit like there is a firewall blocking the software so I can't register during installation. It tells me on install that Windows Defender is running (but it isn't) and I have tried temporarily disabling Zone Alarm, but that didn't help.

I ran the scan without updating anyway and have posted a heavily edited log below because the original was far too big to post here, having found >4000 instances of problems. All seem to be traces of W32 ramnit, or html/drop.agent....., so I have just deleted the log where it has found multiple copies of these to allow me to post it here....


Avira AntiVir Personal
Report file date: 13 February 2011 09:03

Scanning for 2364983 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (plain) [6.0.6000]
Boot mode : Normally booted
Username : SYSTEM
Computer name : ROB-LAPTOP

Version information:
BUILD.DAT : 10.0.0.611 31824 Bytes 14/01/2011 13:42:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 10/01/2011 13:23:31
AVSCAN.DLL : 10.0.3.0 46440 Bytes 01/04/2010 11:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 10/01/2011 13:23:40
LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 22:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 08:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 13:23:50
VBASE002.VDF : 7.11.0.1 2048 Bytes 14/12/2010 13:23:50
VBASE003.VDF : 7.11.0.2 2048 Bytes 14/12/2010 13:23:50
VBASE004.VDF : 7.11.0.3 2048 Bytes 14/12/2010 13:23:50
VBASE005.VDF : 7.11.0.4 2048 Bytes 14/12/2010 13:23:50
VBASE006.VDF : 7.11.0.5 2048 Bytes 14/12/2010 13:23:50
VBASE007.VDF : 7.11.0.6 2048 Bytes 14/12/2010 13:23:50
VBASE008.VDF : 7.11.0.7 2048 Bytes 14/12/2010 13:23:50
VBASE009.VDF : 7.11.0.8 2048 Bytes 14/12/2010 13:23:50
VBASE010.VDF : 7.11.0.9 2048 Bytes 14/12/2010 13:23:50
VBASE011.VDF : 7.11.0.10 2048 Bytes 14/12/2010 13:23:50
VBASE012.VDF : 7.11.0.11 2048 Bytes 14/12/2010 13:23:50
VBASE013.VDF : 7.11.0.52 128000 Bytes 16/12/2010 14:54:35
VBASE014.VDF : 7.11.0.91 226816 Bytes 20/12/2010 16:12:47
VBASE015.VDF : 7.11.0.122 136192 Bytes 21/12/2010 18:09:26
VBASE016.VDF : 7.11.0.156 122880 Bytes 24/12/2010 08:41:13
VBASE017.VDF : 7.11.0.185 146944 Bytes 27/12/2010 13:39:57
VBASE018.VDF : 7.11.0.228 132608 Bytes 30/12/2010 15:23:58
VBASE019.VDF : 7.11.1.5 148480 Bytes 03/01/2011 16:45:39
VBASE020.VDF : 7.11.1.37 156672 Bytes 07/01/2011 08:30:06
VBASE021.VDF : 7.11.1.65 140800 Bytes 10/01/2011 12:12:43
VBASE022.VDF : 7.11.1.87 225280 Bytes 11/01/2011 13:47:36
VBASE023.VDF : 7.11.1.88 2048 Bytes 11/01/2011 13:47:36
VBASE024.VDF : 7.11.1.89 2048 Bytes 11/01/2011 13:47:36
VBASE025.VDF : 7.11.1.90 2048 Bytes 11/01/2011 13:47:36
VBASE026.VDF : 7.11.1.91 2048 Bytes 11/01/2011 13:47:37
VBASE027.VDF : 7.11.1.92 2048 Bytes 11/01/2011 13:47:37
VBASE028.VDF : 7.11.1.93 2048 Bytes 11/01/2011 13:47:37
VBASE029.VDF : 7.11.1.94 2048 Bytes 11/01/2011 13:47:37
VBASE030.VDF : 7.11.1.95 2048 Bytes 11/01/2011 13:47:37
VBASE031.VDF : 7.11.1.117 94208 Bytes 13/01/2011 12:34:25
Engineversion : 8.2.4.140
AEVDF.DLL : 8.1.2.1 106868 Bytes 10/01/2011 13:23:26
AESCRIPT.DLL : 8.1.3.52 1282426 Bytes 06/01/2011 16:51:44
AESCN.DLL : 8.1.7.2 127349 Bytes 10/01/2011 13:23:26
AESBX.DLL : 8.1.3.2 254324 Bytes 10/01/2011 13:23:26
AERDL.DLL : 8.1.9.2 635252 Bytes 10/01/2011 13:23:25
AEPACK.DLL : 8.2.4.7 512375 Bytes 06/01/2011 16:51:44
AEOFFICE.DLL : 8.1.1.10 201084 Bytes 10/01/2011 13:23:25
AEHEUR.DLL : 8.1.2.64 3154294 Bytes 06/01/2011 16:51:44
AEHELP.DLL : 8.1.16.0 246136 Bytes 10/01/2011 13:23:19
AEGEN.DLL : 8.1.5.1 397683 Bytes 06/01/2011 16:51:43
AEEMU.DLL : 8.1.3.0 393589 Bytes 10/01/2011 13:23:18
AECORE.DLL : 8.1.19.0 196984 Bytes 10/01/2011 13:23:18
AEBB.DLL : 8.1.1.0 53618 Bytes 10/01/2011 13:23:18
AVWINLL.DLL : 10.0.0.0 19304 Bytes 10/01/2011 13:23:32
AVPREF.DLL : 10.0.0.0 44904 Bytes 10/01/2011 13:23:30
AVREP.DLL : 10.0.0.8 62209 Bytes 17/06/2010 13:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 10/01/2011 13:23:31
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 10/01/2011 13:23:31
AVARKT.DLL : 10.0.22.6 231784 Bytes 10/01/2011 13:23:27
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 10/01/2011 13:23:28
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17/06/2010 13:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 10/01/2011 13:23:31
NETNT.DLL : 10.0.0.0 11624 Bytes 17/06/2010 13:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28/01/2010 12:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 10/01/2011 13:23:52

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: 13 February 2011 09:03

Starting search for hidden objects.
c:\acer\empowering technology\erecovery\mbrwrwin.exe
c:\acer\empowering technology\erecovery\mbrwrwin.exe
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
[NOTE] The process is not visible.
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'vssvc.exe' - '53' Module(s) have been scanned
Scan process 'avscan.exe' - '84' Module(s) have been scanned
Scan process 'iexplore.exe' - '128' Module(s) have been scanned
Scan process 'avcenter.exe' - '67' Module(s) have been scanned
Scan process 'avgnt.exe' - '55' Module(s) have been scanned
Scan process 'sched.exe' - '61' Module(s) have been scanned
Scan process 'avshadow.exe' - '39' Module(s) have been scanned
Scan process 'avguard.exe' - '82' Module(s) have been scanned
Scan process 'Apntex.exe' - '24' Module(s) have been scanned
Scan process 'RtkBtMnt.exe' - '32' Module(s) have been scanned
Scan process 'igfxext.exe' - '26' Module(s) have been scanned
Scan process 'ApMsgFwd.exe' - '22' Module(s) have been scanned
Scan process 'svchost.exe' - '66' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '34' Module(s) have been scanned
Scan process 'unsecapp.exe' - '34' Module(s) have been scanned
Scan process 'BTTray.exe' - '58' Module(s) have been scanned
Scan process 'jusched.exe' - '23' Module(s) have been scanned
Scan process 'igfxpers.exe' - '29' Module(s) have been scanned
Scan process 'hkcmd.exe' - '28' Module(s) have been scanned
Scan process 'wmdSync.exe' - '34' Module(s) have been scanned
Scan process 'Apoint.exe' - '38' Module(s) have been scanned
Scan process 'LManager.exe' - '56' Module(s) have been scanned
Module is infected -> <C:\Program Files\Launch Manager\SZUPFUTL.DLL>
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
Module is infected -> <C:\Program Files\Launch Manager\RGNMAKER.DLL>
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
Module is infected -> <C:\Program Files\Launch Manager\CDROMUTL.DLL>
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
Module is infected -> <C:\Program Files\Launch Manager\MIXERUTL.DLL>
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
Module is infected -> <C:\Program Files\Launch Manager\WND2FILE.DLL>
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
Module is infected -> <C:\Program Files\Launch Manager\PowerUtl.dll>
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
Module is infected -> <C:\Program Files\Launch Manager\LGKCUTL.DLL>
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
Scan process 'RtHDVCpl.exe' - '51' Module(s) have been scanned
Scan process 'unsecapp.exe' - '35' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '39' Module(s) have been scanned
Scan process 'postgres.exe' - '42' Module(s) have been scanned
Scan process 'postgres.exe' - '42' Module(s) have been scanned
Scan process 'postgres.exe' - '42' Module(s) have been scanned
Scan process 'postgres.exe' - '42' Module(s) have been scanned
Scan process 'ePowerSvc.exe' - '49' Module(s) have been scanned
Scan process 'capuserv.exe' - '37' Module(s) have been scanned
Scan process 'eRecoveryService.exe' - '50' Module(s) have been scanned
Scan process 'CLSched.exe' - '37' Module(s) have been scanned
Scan process 'xaudio.exe' - '21' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '64' Module(s) have been scanned
Scan process 'svchost.exe' - '21' Module(s) have been scanned
Scan process 'postgres.exe' - '58' Module(s) have been scanned
Scan process 'svchost.exe' - '48' Module(s) have been scanned
Scan process 'svchost.exe' - '46' Module(s) have been scanned
Scan process 'pg_ctl.exe' - '48' Module(s) have been scanned
Scan process 'iexplore.exe' - '39' Module(s) have been scanned
Scan process 'iexplore.exe' - '53' Module(s) have been scanned
Scan process 'MSCamS32.exe' - '24' Module(s) have been scanned
Scan process 'MobilityService.exe' - '41' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '27' Module(s) have been scanned
Scan process 'eNet Service.exe' - '52' Module(s) have been scanned
Scan process 'eLockServ.exe' - '41' Module(s) have been scanned
Scan process 'eDSService.exe' - '32' Module(s) have been scanned
Scan process 'CLMLServer.exe' - '32' Module(s) have been scanned
Scan process 'CLCapSvc.exe' - '62' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '38' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '37' Module(s) have been scanned
Scan process 'ALaunchSvc.exe' - '40' Module(s) have been scanned
Scan process 'taskeng.exe' - '84' Module(s) have been scanned
Scan process 'taskeng.exe' - '50' Module(s) have been scanned
Scan process 'svchost.exe' - '23' Module(s) have been scanned
Scan process 'iexplore.exe' - '39' Module(s) have been scanned
Scan process 'iexplore.exe' - '53' Module(s) have been scanned
Scan process 'Explorer.EXE' - '140' Module(s) have been scanned
Module is infected -> <C:\Program Files\7-Zip\7-zip.dll>
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
Scan process 'svchost.exe' - '91' Module(s) have been scanned
Scan process 'svchost.exe' - '73' Module(s) have been scanned
Scan process 'SLsvc.exe' - '27' Module(s) have been scanned
Scan process 'svchost.exe' - '132' Module(s) have been scanned
Scan process 'svchost.exe' - '109' Module(s) have been scanned
Scan process 'svchost.exe' - '55' Module(s) have been scanned
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '47' Module(s) have been scanned
Scan process 'lsm.exe' - '30' Module(s) have been scanned
Scan process 'lsass.exe' - '67' Module(s) have been scanned
Scan process 'services.exe' - '40' Module(s) have been scanned
Scan process 'winlogon.exe' - '37' Module(s) have been scanned
Scan process 'csrss.exe' - '16' Module(s) have been scanned
Scan process 'wininit.exe' - '34' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned
c:\acer\empowering technology\erecovery\mbrwrwin.exe

The scan of running processes will be started
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'vssvc.exe' - '53' Module(s) have been scanned
Scan process 'avscan.exe' - '84' Module(s) have been scanned
Scan process 'iexplore.exe' - '128' Module(s) have been scanned
Scan process 'avcenter.exe' - '67' Module(s) have been scanned
Scan process 'avgnt.exe' - '55' Module(s) have been scanned
Scan process 'sched.exe' - '61' Module(s) have been scanned
Scan process 'avshadow.exe' - '39' Module(s) have been scanned
Scan process 'avguard.exe' - '82' Module(s) have been scanned
Scan process 'Apntex.exe' - '24' Module(s) have been scanned
Scan process 'RtkBtMnt.exe' - '32' Module(s) have been scanned
Scan process 'igfxext.exe' - '26' Module(s) have been scanned
Scan process 'ApMsgFwd.exe' - '22' Module(s) have been scanned
Scan process 'svchost.exe' - '66' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '34' Module(s) have been scanned
Scan process 'unsecapp.exe' - '34' Module(s) have been scanned
Scan process 'BTTray.exe' - '58' Module(s) have been scanned
Scan process 'jusched.exe' - '23' Module(s) have been scanned
Scan process 'igfxpers.exe' - '29' Module(s) have been scanned
Scan process 'hkcmd.exe' - '28' Module(s) have been scanned
Scan process 'wmdSync.exe' - '34' Module(s) have been scanned
Scan process 'Apoint.exe' - '38' Module(s) have been scanned
Scan process 'LManager.exe' - '56' Module(s) have been scanned
Module is infected -> <C:\Program Files\Launch Manager\SZUPFUTL.DLL>
Module is infected -> <C:\Program Files\Launch Manager\RGNMAKER.DLL>
Module is infected -> <C:\Program Files\Launch Manager\CDROMUTL.DLL>
Module is infected -> <C:\Program Files\Launch Manager\MIXERUTL.DLL>
Module is infected -> <C:\Program Files\Launch Manager\WND2FILE.DLL>
Module is infected -> <C:\Program Files\Launch Manager\PowerUtl.dll>
Module is infected -> <C:\Program Files\Launch Manager\LGKCUTL.DLL>
Scan process 'RtHDVCpl.exe' - '51' Module(s) have been scanned
Scan process 'unsecapp.exe' - '35' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '39' Module(s) have been scanned
Scan process 'postgres.exe' - '42' Module(s) have been scanned
Scan process 'postgres.exe' - '42' Module(s) have been scanned
Scan process 'postgres.exe' - '42' Module(s) have been scanned
Scan process 'postgres.exe' - '42' Module(s) have been scanned
Scan process 'ePowerSvc.exe' - '49' Module(s) have been scanned
Scan process 'capuserv.exe' - '37' Module(s) have been scanned
Scan process 'eRecoveryService.exe' - '50' Module(s) have been scanned
Scan process 'CLSched.exe' - '37' Module(s) have been scanned
Scan process 'xaudio.exe' - '21' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '64' Module(s) have been scanned
Scan process 'svchost.exe' - '21' Module(s) have been scanned
Scan process 'postgres.exe' - '58' Module(s) have been scanned
Scan process 'svchost.exe' - '48' Module(s) have been scanned
Scan process 'svchost.exe' - '46' Module(s) have been scanned
Scan process 'pg_ctl.exe' - '48' Module(s) have been scanned
Scan process 'iexplore.exe' - '39' Module(s) have been scanned
Scan process 'iexplore.exe' - '53' Module(s) have been scanned
Scan process 'MSCamS32.exe' - '24' Module(s) have been scanned
Scan process 'MobilityService.exe' - '41' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '27' Module(s) have been scanned
Scan process 'eNet Service.exe' - '52' Module(s) have been scanned
Scan process 'eLockServ.exe' - '41' Module(s) have been scanned
Scan process 'eDSService.exe' - '32' Module(s) have been scanned
Scan process 'CLMLServer.exe' - '32' Module(s) have been scanned
Scan process 'CLCapSvc.exe' - '62' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '38' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '37' Module(s) have been scanned
Scan process 'ALaunchSvc.exe' - '40' Module(s) have been scanned
Scan process 'taskeng.exe' - '84' Module(s) have been scanned
Scan process 'taskeng.exe' - '50' Module(s) have been scanned
Scan process 'svchost.exe' - '23' Module(s) have been scanned
Scan process 'iexplore.exe' - '39' Module(s) have been scanned
Scan process 'iexplore.exe' - '53' Module(s) have been scanned
Scan process 'Explorer.EXE' - '140' Module(s) have been scanned
Module is infected -> <C:\Program Files\7-Zip\7-zip.dll>
Scan process 'svchost.exe' - '91' Module(s) have been scanned
Scan process 'svchost.exe' - '73' Module(s) have been scanned
Scan process 'SLsvc.exe' - '27' Module(s) have been scanned
Scan process 'svchost.exe' - '132' Module(s) have been scanned
Scan process 'svchost.exe' - '109' Module(s) have been scanned
Scan process 'svchost.exe' - '55' Module(s) have been scanned
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '47' Module(s) have been scanned
Scan process 'lsm.exe' - '30' Module(s) have been scanned
Scan process 'lsass.exe' - '67' Module(s) have been scanned
Scan process 'services.exe' - '40' Module(s) have been scanned
Scan process 'winlogon.exe' - '37' Module(s) have been scanned
Scan process 'csrss.exe' - '16' Module(s) have been scanned
Scan process 'wininit.exe' - '34' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
C:\Program Files\Common Files\System\OLE DB\msdaipp.dll
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
C:\Program Files\7-Zip\7-zip.dll
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
D:\K-Lite Codec Pack\Filters\Haali\dxr.dll
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
D:\K-Lite Codec Pack\Filters\vsfilter.dll
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
D:\K-Lite Codec Pack\Filters\vp8decoder.dll
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
C:\Program Files\QuickTime\QTTask.exe
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
C:\Program Files\Java\jre6\bin\regutils.dll
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus

The registry was scanned ( '1874' files ).


Starting the file scan:

Begin scan in 'C:\' <ACER>
C:\Acer\ALaunch\ALaunch.exe
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
C:\Acer\Empowering Technology\mfc71u.dll
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
C:\Acer\Empowering Technology\msvcr71.dll
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
C:\Acer\Empowering Technology\Remove_eRecovery.exe
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
C:\Acer\Empowering Technology\eDataSecurity\chkacerDLL.dll
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
C:\Acer\Empowering Technology\eDataSecurity\help\ReleaseNotes.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
C:\Acer\Empowering Technology\eNet\acerDeviceMgrUtil.dll
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
C:\Acer\Empowering Technology\eNet\CompileMOF.exe
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
C:\Acer\Empowering Technology\eNet\eNMIPCmm.dll
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
C:\Acer\Empowering Technology\eNet\Network.dll
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
C:\Acer\Empowering Technology\eNet\NetworkCardMgr.dll
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
C:\Acer\Empowering Technology\eNet\StdInOutRedirect.dll
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
C:\Acer\Empowering Technology\eNet\WriteAcerAdapterKey.exe
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus

[WARNING] The file was ignored!
C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7d19.html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7d16.html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7d15.html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7d11.html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7cce.html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7ccd.html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7cc7.html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7cc5.html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7bdf.html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7bde.html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7bdd.html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7bdc.html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7bd0.html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7aec.html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7aeb.html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS58a04a822e3e50102bd615109794195ff-7aea.html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!

[WARNING] The file was ignored!
C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS1666A4B0-1078-4ff8-80CC-CD83DABC3EB8.html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\Program Files\Common Files\Adobe\Help\en_US\Adobe Reader\8.0\WS11697F60-6BCC-4981-9C22-7A4611EC0268.html

[WARNING] The file was ignored!
C:\Poker\Titan Poker\data\videoslots.dll
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
[WARNING] The file was ignored!

C:\Poker\Titan Poker\cactivex.dll
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
[WARNING] The file was ignored!
C:\f3dc8ae3f39c4aac64cb040b\readme\ja-jp\readmesp.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!

[WARNING] The file was ignored!
C:\f3dc8ae3f39c4aac64cb040b\readme\de-de\readmesp.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\f3dc8ae3f39c4aac64cb040b\spwizui.dll
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
[WARNING] The file was ignored!
C:\DRV\VGA\Intel\Graphics\oemdspif.dll
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
[WARNING] The file was ignored!

[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
[WARNING] The file was ignored!
C:\DRV\802ABG\XP\Drivers\NETw2c32.DLL
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
[WARNING] The file was ignored!


[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\DRV\802ABG\Vista\Docs\KOR\support.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!

C:\DRV\802ABG\Vista\Docs\HUN\warranty.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\DRV\802ABG\Vista\Docs\HUN\support.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\DRV\802ABG\Vista\Docs\HUN\specs.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\DRV\802ABG\Vista\Docs\HUN\regs.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\DRV\802ABG\Vista\Docs\HUN\index.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\DRV\802ABG\Vista\Docs\HEB\warranty.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\DRV\802ABG\Vista\Docs\HEB\support.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\DRV\802ABG\Vista\Docs\HEB\specs.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\DRV\802ABG\Vista\Docs\HEB\regs.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\DRV\802ABG\Vista\Docs\HEB\index.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\DRV\802ABG\Vista\Docs\FRA\warranty.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\DRV\802ABG\Vista\Docs\FRA\support.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\DRV\802ABG\Vista\Docs\FRA\specs.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\DRV\802ABG\Vista\Docs\FRA\regs.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\DRV\802ABG\Vista\Docs\FRA\index.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!

C:\DRV\802ABG\Vista\Docs\ENU\specs.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\DRV\802ABG\Vista\Docs\ENU\regs.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\DRV\802ABG\Vista\Docs\ENU\index.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!

[WARNING] The file was ignored!
C:\DRV\802ABG\Vista\Docs\ARA\regs.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\DRV\802ABG\Vista\Docs\ARA\index.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\DRV\802ABG\Vista\Docs\iULaunch.exe
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
[WARNING] The file was ignored!
C:\DRV\802ABG\Vista\Apps\v32\iProData\iconvrtr.exe
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
[WARNING] The file was ignored!

C:\Acer\Empowering Technology\eRecovery\Autorun\SW2\Producer\Readme\Read_Trk.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!

[WARNING] The file was ignored!
C:\Acer\Empowering Technology\eRecovery\Autorun\SW2\Producer\Readme\Read_Csy.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\Acer\Empowering Technology\eRecovery\Autorun\SW2\Producer\Readme\Read_CHT.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!

[WARNING] The file was ignored!

[WARNING] The file was ignored!
C:\Acer\Empowering Technology\eRecovery\Autorun\SW1\LAUNCHM\CDROMUTL.DLL
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
[WARNING] The file was ignored!
C:\Acer\Empowering Technology\eRecovery\Autorun\SW1\Lan\Manuals\Japanese\windrv.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\Acer\Empowering Technology\eRecovery\Autorun\SW1\Lan\Manuals\Japanese\trouble.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!

[WARNING] The file was ignored!
C:\Acer\Empowering Technology\eRecovery\Autorun\SW1\Lan\Manuals\English\dosodi.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\Acer\Empowering Technology\eRecovery\Autorun\SW1\Lan\Manuals\English\dosdiag.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\Acer\Empowering Technology\eRecovery\Autorun\SW1\Lan\Manuals\English\bacs.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\Acer\Empowering Technology\eRecovery\Autorun\SW1\Lan\FwUpg\Win\IA32\WinFWUpg.exe
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
[WARNING] The file was ignored!
C:\Acer\Empowering Technology\eRecovery\Autorun\SW1\Lan\FwUpg\Win\IA32\BMAPI.dll
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
[WARNING] The file was ignored!
C:\Acer\Empowering Technology\eRecovery\Autorun\SW1\FMODEM\xaudio.exe
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
[WARNING] The file was ignored!
C:\Acer\Empowering Technology\eRecovery\Autorun\SW1\FMODEM\UIU32m.exe
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
[WARNING] The file was ignored!
C:\Acer\Empowering Technology\eRecovery\Autorun\SW1\FMODEM\UCI32M19.dll
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
[WARNING] The file was ignored!

[WARNING] The file was ignored!
C:\Acer\Empowering Technology\eRecovery\Autorun\SW1\802ABG\XP\Drivers\NETw4c32.DLL
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
[WARNING] The file was ignored!
C:\Acer\Empowering Technology\eRecovery\Autorun\SW1\802ABG\XP\Drivers\NETw2c32.DLL
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
[WARNING] The file was ignored!
C:\Acer\Empowering Technology\eRecovery\Autorun\SW1\802ABG\XP\Docs\TRK\wlan.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\Acer\Empowering Technology\eRecovery\Autorun\SW1\802ABG\XP\Docs\TRK\wepsetup.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!


[WARNING] The file was ignored!
C:\Acer\Empowering Technology\eRecovery\Autorun\SW1\802ABG\XP\Docs\ARA\security.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\Acer\Empowering Technology\eRecovery\Autorun\SW1\802ABG\XP\Docs\ARA\regs.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\Acer\Empowering Technology\eRecovery\Autorun\SW1\802ABG\XP\Docs\ARA\profiles.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\Acer\Empowering Technology\eRecovery\Autorun\SW1\802ABG\XP\Docs\ARA\index.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\Acer\Empowering Technology\eRecovery\Autorun\SW1\802ABG\XP\Docs\ARA\glossary.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\Acer\Empowering Technology\eRecovery\Autorun\SW1\802ABG\XP\Docs\ARA\connect.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\Acer\Empowering Technology\eRecovery\Autorun\SW1\802ABG\XP\Docs\ARA\assist.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\Acer\Empowering Technology\eRecovery\Autorun\SW1\802ABG\XP\Docs\ARA\admin.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\Acer\Empowering Technology\eRecovery\Autorun\SW1\802ABG\XP\Docs\iULaunch.exe
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
[WARNING] The file was ignored!
C:\Acer\Empowering Technology\eRecovery\Autorun\SW1\802ABG\XP\Apps\x32\iProData\iconvrtr.exe
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
[WARNING] The file was ignored!
C:\Acer\Empowering Technology\eRecovery\Autorun\SW1\802ABG\XP\relnotes.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\Acer\Empowering Technology\eRecovery\Autorun\SW1\802ABG\Vista\Drivers\NETw4c32.dll
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
[WARNING] The file was ignored!
C:\Acer\Empowering Technology\eRecovery\Autorun\SW1\802ABG\Vista\Docs\TRK\warranty.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\Acer\Empowering Technology\eRecovery\Autorun\SW1\802ABG\Vista\Docs\TRK\support.htm
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!


C:\Acer\Empowering Technology\eRecovery\Autorun\HowToCD1\Contents\Howtouse-old.html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\Acer\Empowering Technology\eRecovery\Autorun\HowToCD1\Contents\contents.html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\Acer\Empowering Technology\eRecovery\Autorun\HowToCD1\Howtouse.html
[DETECTION] Contains recognition pattern of the HTML/Drop.Agent.AB HTML script virus
[WARNING] The file was ignored!
C:\Acer\Empowering Technology\eRecovery\Autorun\ACER\TOOLS\SHELEXEC.EXE
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus

[WARNING] The file was ignored!
C:\Acer\Empowering Technology\eRecovery\HardDisk.dll
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
[WARNING] The file was ignored!
C:\Acer\Empowering Technology\eRecovery\FastBR.DLL
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
[WARNING] The file was ignored!
C:\Acer\Empowering Technology\eRecovery\eRecovery.exe
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
[WARNING] The file was ignored!
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
[WARNING] The file was ignored!
C:\Acer\Empowering Technology\eRecovery\Disk.dll
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
[WARNING] The file was ignored!
C:\Acer\Empowering Technology\eRecovery\DataEx32.dll
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
[WARNING] The file was ignored!
C:\Acer\Empowering Technology\eRecovery\Data32.dll
[DETECTION] Contains recognition pattern of the W32/Ramnit.C Windows virus
[WARNING] The file was ignored!



End of the scan: 13 February 2011 10:45
Used time: 1:40:35 Hour(s)

The scan has been done completely.

21159 Scanned directories
331771 Files were scanned
4125 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
327646 Files not concerned
5066 Archives were scanned
4103 Warnings
0 Notes
834545 Objects were scanned with rootkit scan
1 Hidden objects were found
rjl001
Active Member
 
Posts: 5
Joined: February 9th, 2011, 5:20 am

Re: Malware Infection Help Needed

Post by askey127 » February 13th, 2011, 8:28 am

rjl001,
-----------------------------------------------------------
Unfortunately, you have a very dangerous, catastrophic infection, with "backdoor" capabilities (W32.Ramnit.C).
You can read technical details about it here: http://techblog.avira.com/2010/11/25/cl ... mnit-c/en/
This allows intruders to remotely control the computer, log keystrokes, steal critical system information, and download and execute files of their own.


  • Get this machine OFF the Internet. It can infect others.
  • If you do any banking or other financial transactions on the PC, or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. This would include contacts like your Internet Provider, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups to which you belong.
  • It would be wise to contact any of the financial institutions directly and apprise them of your situation.
  • Do NOT change passwords or do any transactions while using the infected computer because the intruder may get the new passwords and transaction information.

Once infected with this type of Worm, the ONLY course of action is to completely Re-install the Windows Operating System from scratch. That is my best advice to you.
How Do I Handle Possible Identity Theft, Internet Fraud and Credit Card Fraud?

In this case, the infection is known as a file infector.
It corrupts possibly hundreds of system files, so there is NO REMEDY except to either do a COMPLETE RECOVERY, using the Manufacturer's option at bootup, or a complete "reformat/re-install" of Windows.
Performing a complete disk reformat and fresh installation of Windows will work, if you have an installation disk.
OEM manufacturers may have a System Recovery bootup mode that will allow complete re-installation of the system from the Recovery Partition.

Only an option that puts the machine back into its "as purchased" state will work. Any "Repair install" or similar will fail.

If you don't have a Windows system disk, you may be able to get one at reasonable cost from the manufacturer.
AT THIS TIME, I WOULD NOT ATTEMPT TO USE ANY BACKUPS FOR ANY PURPOSE, EVEN AFTER A COMPLETE RECOVERY.
The only safe programs to re-install would be from original installation CDs.

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Malware Infection Help Needed

Post by rjl001 » February 15th, 2011, 5:26 am

Thanks for your help Askey.

I have done a system restore on the machine, but ran into a few problems:

1. The Acer system restore hung at stage 7/8 (tried it several times and always the same result).
At this point, Vista had been reinstalled but the recovery setup and integrity checking did not complete. I have tried several suggested fixes for this but nothing has worked. In the end I had to end the process from Task Manager, and remove "ALaunch" from startup in services.msc.
This allowed Vista to boot normally, however.......

2. The Acer system restore had only reformatted the C: partition. So with a clean Windows install, all my old data was still on drive D. As soon as I realised this I reformatted drive D, and ran the system restore once again. I am now worried that infected files from drive D have contaminated the restore partition which is usually hidden but becomes accessible as drive F during the restore process.

3. After this last system restore, I am unable to install Windows updates and my browser is getting hijacked. I eventually discover this is due to a TDSS virus. I run Kaspersky TDSS Killer on the machine and this solves the problem and now Windows Update works.

Since this last stage I have installed all the Vista updates and SP1 & 2. Everything appears fine on the surface but the system has been a little slow. I still have to check I have all the latest drivers, so some updates might get things working perfectly. However, after the problems I am concerned about security.

I have attached a Hijack This log below, and would appreciate it if you could take a look. Let me know if this needs a new thread.....

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:01:13, on 15/02/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Users\Rob\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Users\Rob\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Rob\Desktop\PartyPoker.lnk
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Rob\Desktop\PartyPoker.lnk
O17 - HKLM\System\CCS\Services\Tcpip\..\{FDFAC167-FE15-4098-A638-676DD74D6562}: NameServer = 87.117.198.200 87.117.237.100
O20 - AppInit_DLLs: eNetHook.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7477 bytes
rjl001
Active Member
 
Posts: 5
Joined: February 9th, 2011, 5:20 am

Re: Malware Infection Help Needed

Post by askey127 » February 15th, 2011, 8:04 am

As you did previously, please run a full scan with Antivir and post the log results.
That will tell a lot about whether your new setup is contaminated.
It will not tell you anything about the integrity of the newly installed Vista SP2 system (won't detect missing files, etc.).
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Malware Infection Help Needed

Post by rjl001 » February 15th, 2011, 11:43 am

Log below. I think everything looks OK.

With regard to a disk I burned with some files while the computer was infected: is it safe to even put this in my drive and scan it, or should I just bin it?

Avira AntiVir Personal
Report file date: 15 February 2011 13:33

Scanning for 2403505 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Normally booted
Username : SYSTEM
Computer name : ROB-LAPTOP

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: 15 February 2011 13:33

Starting search for hidden objects.

The scan of running processes will be started
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'vssvc.exe' - '50' Module(s) have been scanned
Scan process 'avscan.exe' - '80' Module(s) have been scanned
Scan process 'avscan.exe' - '30' Module(s) have been scanned
Scan process 'calc.exe' - '38' Module(s) have been scanned
Scan process 'avcenter.exe' - '80' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '60' Module(s) have been scanned
Scan process 'RtkBtMnt.exe' - '47' Module(s) have been scanned
Scan process 'Apntex.exe' - '41' Module(s) have been scanned
Scan process 'ApMsgFwd.exe' - '17' Module(s) have been scanned
Scan process 'ERAGENT.EXE' - '47' Module(s) have been scanned
Scan process 'ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE' - '117' Module(s) have been scanned
Scan process 'EPOWER_DMC.EXE' - '68' Module(s) have been scanned
Scan process 'ENMTRAY.EXE' - '104' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '31' Module(s) have been scanned
Scan process 'igfxext.exe' - '22' Module(s) have been scanned
Scan process 'igfxpers.exe' - '44' Module(s) have been scanned
Scan process 'hkcmd.exe' - '43' Module(s) have been scanned
Scan process 'igfxtray.exe' - '44' Module(s) have been scanned
Scan process 'jusched.exe' - '22' Module(s) have been scanned
Scan process 'avgnt.exe' - '72' Module(s) have been scanned
Scan process 'Apoint.exe' - '53' Module(s) have been scanned
Scan process 'LManager.exe' - '53' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '50' Module(s) have been scanned
Scan process 'PCMService.exe' - '93' Module(s) have been scanned
Scan process 'eDSLoader.exe' - '45' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '63' Module(s) have been scanned
Scan process 'Explorer.EXE' - '157' Module(s) have been scanned
Scan process 'Dwm.exe' - '48' Module(s) have been scanned
Scan process 'taskeng.exe' - '98' Module(s) have been scanned
Scan process 'unsecapp.exe' - '31' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '37' Module(s) have been scanned
Scan process 'ePowerSvc.exe' - '53' Module(s) have been scanned
Scan process 'capuserv.exe' - '69' Module(s) have been scanned
Scan process 'CLSched.exe' - '36' Module(s) have been scanned
Scan process 'xaudio.exe' - '17' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '61' Module(s) have been scanned
Scan process 'svchost.exe' - '9' Module(s) have been scanned
Scan process 'svchost.exe' - '43' Module(s) have been scanned
Scan process 'MobilityService.exe' - '36' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '21' Module(s) have been scanned
Scan process 'eNet Service.exe' - '51' Module(s) have been scanned
Scan process 'eLockServ.exe' - '40' Module(s) have been scanned
Scan process 'eDSService.exe' - '31' Module(s) have been scanned
Scan process 'CLMLServer.exe' - '28' Module(s) have been scanned
Scan process 'avshadow.exe' - '34' Module(s) have been scanned
Scan process 'CLCapSvc.exe' - '63' Module(s) have been scanned
Scan process 'avguard.exe' - '65' Module(s) have been scanned
Scan process 'taskeng.exe' - '49' Module(s) have been scanned
Scan process 'ALaunchSvc.exe' - '36' Module(s) have been scanned
Scan process 'svchost.exe' - '60' Module(s) have been scanned
Scan process 'sched.exe' - '57' Module(s) have been scanned
Scan process 'spoolsv.exe' - '84' Module(s) have been scanned
Scan process 'svchost.exe' - '94' Module(s) have been scanned
Scan process 'svchost.exe' - '82' Module(s) have been scanned
Scan process 'SLsvc.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '152' Module(s) have been scanned
Scan process 'svchost.exe' - '110' Module(s) have been scanned
Scan process 'svchost.exe' - '65' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'svchost.exe' - '43' Module(s) have been scanned
Scan process 'lsm.exe' - '25' Module(s) have been scanned
Scan process 'lsass.exe' - '63' Module(s) have been scanned
Scan process 'winlogon.exe' - '33' Module(s) have been scanned
Scan process 'services.exe' - '36' Module(s) have been scanned
Scan process 'wininit.exe' - '29' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '341' files ).


Starting the file scan:

Begin scan in 'C:\' <ACER>
Begin scan in 'D:\' <DATA>


End of the scan: 15 February 2011 14:18
Used time: 44:58 Minute(s)

The scan has been done completely.

17273 Scanned directories
255427 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
255427 Files not concerned
1101 Archives were scanned
0 Warnings
0 Notes
369037 Objects were scanned with rootkit scan
0 Hidden objects were found
rjl001
Active Member
 
Posts: 5
Joined: February 9th, 2011, 5:20 am

Re: Malware Infection Help Needed

Post by askey127 » February 15th, 2011, 3:27 pm

As you can see, main machine looks good.
Just install the DVD into your DVD drive.
Then from Start, Computer, right click the DVD drive letter and choose Scan with Antivir.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Malware Infection Help Needed

Post by askey127 » February 18th, 2011, 9:07 am

This topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA