Tech Support Guy > Virus & Other Malware Removal

'Warnings' after Avira removed EXP/2011-3544.DL.1 and EXP/CVE-2012-0507

Ice4
Member with 131 posts.
THREAD STARTER
Join Date: Oct 2007
Experience: Beginner
10-Jul-2012, 02:14 PM #1
I've been trying to get various things to work on my new computer (Windows 7 64-bit) and apparently caught something in the process, or possibly when I was downloading a video, which is when I first noticed a problem.

All of a sudden Firefox became unresponsive, then the entire computer stopped responding. I unplugged from the internet, and tried to shut down the computer, but couldn't. I tried CTRL/ALT/Delete, but nothing happened. I finally held down the power button and got it to turn off.

After rebooting this happened again, and this time it didn't seem to shut all the way down. A light was still on, until I unplugged the computer, and took out the battery.

I did a scan with Avira, which found two files, with a total of 9 problems, and quarantined them. It also found three 'warnings' but didn't do anything about them. So I ran the Kaspersky online scanner, and it also found three 'vulnerabilities'. I'm pasting the event log entries of Avira and the log from the Kaspersky scanner below. I also ran an MBAM scan which didn't find anything.



I tried to run HiJackThis, but got a couple of error messages:

>>
For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this.

If that happens, you need to edit the file yourself. To do this, click Start, Run and type:

notepad C:\windows\System32\drivers\etc\hosts

and press Enter. Find the line(s) HijackThis reports and delete them.
Save the file as 'hosts.'(with quotes), and reboot.

For Vista: simply, exit HijackThis, right click on the HijackThis icon, choose 'Run as administrator'.
<<

After I clicked OK, it said:

>>
Cannot find the C:\Program Files (x86)\Trend Micro\HijackThis\hijackthis.log file.

Do you want to create a new file?
<<

I didn't know what this meant, so said No for now. I thought maybe I could then copy and paste the results, but it wouldn't let me. Could someone walk me through this, if still necessary after I paste all the other info?

Would greatly appreciate some help with this.





These are the two items from the Avira event log:

The file 'C:\Users\IF\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\9a26541-669615cd' contained a virus or unwanted program 'EXP/2011-3544.DL.1' [exploit]
Action(s) taken: The file was moved to the quarantine directory under the name '4d26d232.qua'.

The file 'C:\Users\IF\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\51d8537b-488bf94f' contained a virus or unwanted program 'EXP/CVE-2012-0507' [exploit]
Action(s) taken: The file was moved to the quarantine directory under the name '55c3fd45.qua'.





This is what Kaspersky online scanner said:

Vulnerabilities (3)
1. C:\Program Files (x86)\DVD Flick\imgburn\imgburn.exe
2. C:\Program Files (x86)\GIMP-2.0\bin\libgtk-win32-2.0-0.dll
3. C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

Other issues (11)
1. "Autorun from hard drives is allowed"
2. "Autorun from network drives is enabled"
3. "CD/DVD autorun is enabled"
4. "Removable media autorun is enabled"
5. "Microsoft Internet Explorer: clear history of typed URLs"
6. "Microsoft Internet Explorer - disable caching data received via protected channel"
7. "Microsoft Internet Explorer: disable sending error reports"
8. "Microsoft Internet Explorer: clear list of pop-up blocker exceptions"
9. "Microsoft Internet Explorer: enable cache autocleanup on browser closing"
10. "Windows Explorer: display of known file types extensions is disabled"
11. "Microsoft Internet Explorer: start page reset"





These are the DDS files:



ATTACH:


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 5/7/2012 2:58:53 PM
System Uptime: 7/10/2012 1:42:48 AM (10 hours ago)
.
Motherboard: Dell Inc. | | 01HXXJ
Processor: Intel(R) Core(TM) i3-2350M CPU @ 2.30GHz | CPU 1 | 782/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 353.521 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Accidental Damage Services Agreement
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader X MUI
Advanced Audio FX Engine
Any Video Converter 3.3.8
Apophysis 7x (64 bit)
Apple Application Support
Apple Software Update
Avira Free Antivirus
Banctec Service Agreement
Blio
CamStudio OSS Desktop Recorder
CanoScan Toolbox Ver4.9
Complete Care Business Service Agreement
Consumer In-Home Service Agreement
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Digital Delivery
Dell Getting Started Guide
Dell Home Systems Service Agreement
Dell MusicStage
Dell PhotoStage
Dell Resource CD
Dell Stage
Dell Stage Remote
Dell VideoStage
Dell Webcam Central
DirectX 9 Runtime
DVD Flick 1.3.0.7
DVD Shrink 3.2
DVDStyler v2.2
FileZilla Client 3.5.3
Foxit Reader
GIMP 2.4.7
GoToAssist Corporate
High-Definition Video Playback
HiJackThis
IDT Audio
ImgBurn
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 7 Update 5
Junk Mail filter update
Kaspersky Security Scan
Malwarebytes Anti-Malware version 1.61.0.1400
Mesh Runtime
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MozBackup 1.5.1
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Thunderbird 12.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 10 Movie ThemePack Basic
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero Update
OpenOffice.org 3.4
PhotoShowExpress
PlayReady PC Runtime x86
Premium Service Agreement
QualxServ Service Agreement
QuickTime
Realtek Ethernet Controller Driver
Realtek USB 2.0 Card Reader
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Skype Toolbars
Skype™ 4.2
Sonic CinePlayer Decoder Pack
SyncUP
Time Adjuster STANDARD 3.1
UK's Kalender 2.3.2
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
VLC media player 2.0.1
WavePad Sound Editor
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Xvid Video Codec
Zinio Reader 4
.
==== Event Viewer Messages From Past Week ========
.
7/9/2012 7:54:05 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
7/9/2012 7:54:05 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
7/9/2012 7:41:39 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
7/8/2012 9:42:15 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
7/10/2012 1:43:29 AM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
.
==== End Of File ===========================






DDS:



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0
Run by IF at 11:45:31 on 2012-07-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3494.1908 [GMT -7:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\windows\System32\rundll32.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Kalender\Kalender.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\windows\system32\conhost.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: ExplorerBHO Class: {449d0d6e-2412-4e61-b68f-1cb625cd9e52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: ClassicIE9BHO Class: {ea801577-e6ad-4bd5-8f71-4be0154331a4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll
TB: Classic Explorer Bar: {553891b7-a0d5-4526-be18-d3ce461d6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
uRun: [Kalender] C:\Program Files (x86)\Kalender\Kalender.exe
uRun: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: DhcpNameServer = 75.101.19.192 66.117.136.6
TCP: Interfaces\{43869EC2-32E7-4BAF-8EA4-E8E12825C4A2} : DhcpNameServer = 75.101.19.192 66.117.136.6
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll
TB-X64: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [(Default)]
mRun-x64: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce-x64: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
IE-X64: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\IF\AppData\Roaming\Mozilla\Firefox\Profiles\pogx8xn3.default\
FF - prefs.js: browser.search.selectedEngine - Ixquick
FF - prefs.js: browser.startup.homepage - hxxp://us.mc634.mail.yahoo.com/mc/showFolder?fid=Inbox&order=down&tt=34165&pSize=200&noajax
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R1 avkmgr;avkmgr;C:\windows\system32\DRIVERS\avkmgr.sys --> C:\windows\system32\DRIVERS\avkmgr.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-6-26 89600]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-6-19 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-6-19 110032]
R2 avgntflt;avgntflt;C:\windows\system32\DRIVERS\avgntflt.sys --> C:\windows\system32\DRIVERS\avgntflt.sys [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-2 13336]
R2 KSS;Kaspersky Security Scan Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-4-25 202296]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-3-2 689472]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-3-2 2656280]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\system32\DRIVERS\CtClsFlt.sys --> C:\windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BTWAMPFL;BTWAMPFL;C:\windows\system32\DRIVERS\btwampfl.sys --> C:\windows\system32\DRIVERS\btwampfl.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-4-10 166912]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
S4 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
S4 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-10 17:02:00 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-07-10 17:02:00 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2012-07-08 12:24:08 -------- d-----w- C:\Users\IF\AppData\Local\ElevatedDiagnostics
2012-07-07 04:07:48 49664 ----a-w- C:\windows\System32\CamCodec.dll
2012-07-07 04:07:48 -------- d-----w- C:\Program Files (x86)\CamStudio 2.6b
2012-07-07 02:27:49 696832 ----a-w- C:\windows\System32\xvidcore.dll
2012-07-07 02:27:49 645632 ----a-w- C:\windows\SysWow64\xvidcore.dll
2012-07-07 02:27:49 255488 ----a-w- C:\windows\System32\xvidvfw.dll
2012-07-07 02:27:49 240640 ----a-w- C:\windows\SysWow64\xvidvfw.dll
2012-07-07 02:27:49 173568 ----a-w- C:\windows\System32\xvid.ax
2012-07-07 02:27:49 153088 ----a-w- C:\windows\SysWow64\xvid.ax
2012-07-07 02:27:48 -------- d-----w- C:\Program Files (x86)\Xvid
2012-07-06 23:58:40 -------- d-----w- C:\Users\IF\AppData\Local\Diagnostics
2012-06-29 18:52:58 -------- d-----w- C:\Users\IF\AppData\Roaming\NCH Software
2012-06-29 18:52:08 -------- d-----w- C:\Program Files (x86)\NCH Software
2012-06-26 23:23:12 -------- d-----w- C:\Program Files\Common Files\Intel
2012-06-26 23:23:11 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2012-06-26 23:21:56 509976 ----a-w- C:\windows\System32\igfxsrvc.exe
2012-06-26 23:21:56 167960 ----a-w- C:\windows\System32\igfxtray.exe
2012-06-26 23:03:30 68608 ----a-w- C:\windows\System32\AESTAR64.dll
2012-06-26 23:03:30 442368 ----a-w- C:\windows\System32\AESTEC64.dll
2012-06-26 23:03:30 162304 ----a-w- C:\windows\System32\AESTAC64.dll
2012-06-26 23:03:29 4780032 ----a-w- C:\windows\System32\stlang64.dll
2012-06-26 23:03:29 1523712 ----a-w- C:\windows\System32\IDTNC64.cpl
2012-06-26 23:02:52 654336 ------w- C:\windows\System32\stapi64.dll
2012-06-26 23:02:52 528384 ----a-w- C:\windows\System32\drivers\stwrt64.sys
2012-06-26 23:02:52 431616 ----a-w- C:\windows\System32\stcplx64.dll
2012-06-26 23:02:52 224256 ----a-w- C:\windows\System32\st646341.dll
2012-06-26 23:02:52 1965056 ----a-w- C:\windows\System32\stapo64.dll
2012-06-26 23:02:49 -------- d-----w- C:\Program Files\IDT
2012-06-25 05:42:41 -------- d-----w- C:\Users\IF\AppData\Local\CrashDumps
2012-06-25 05:21:30 955840 ----a-w- C:\windows\System32\npDeployJava1.dll
2012-06-22 10:40:11 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-22 10:40:04 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-22 10:39:53 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-22 10:39:53 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-22 08:04:16 -------- d-----w- C:\Users\IF\AppData\Roaming\AnvSoft
2012-06-22 06:45:06 -------- d-----w- C:\Users\IF\.thumbnails
2012-06-22 06:37:24 -------- d-----w- C:\Users\IF\.gimp-2.4
2012-06-22 06:37:02 -------- d-----w- C:\Program Files (x86)\GIMP-2.0
2012-06-22 05:57:21 -------- d-----w- C:\Users\IF\AppData\Local\fontconfig
2012-06-22 05:57:19 -------- d-----w- C:\Users\IF\.gimp-2.8
2012-06-22 05:57:18 -------- d-----w- C:\Users\IF\AppData\Local\gegl-0.2
2012-06-19 12:19:45 -------- d-----w- C:\Program Files\Soluto
2012-06-19 12:18:25 -------- d-----w- C:\ProgramData\Soluto
2012-06-19 12:15:13 -------- d-----w- C:\Users\IF\AppData\Roaming\SUPERAntiSpyware.com
2012-06-19 12:14:40 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-06-19 12:14:40 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-06-19 12:13:10 -------- d-----w- C:\Users\IF\AppData\Roaming\Malwarebytes
2012-06-19 12:12:59 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-19 12:12:58 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-06-19 12:12:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-19 12:08:53 -------- d-----w- C:\Users\IF\AppData\Roaming\Avira
2012-06-19 12:07:50 98848 ----a-w- C:\windows\System32\drivers\avgntflt.sys
2012-06-19 12:07:50 27760 ----a-w- C:\windows\System32\drivers\avkmgr.sys
2012-06-19 12:07:49 -------- d-----w- C:\ProgramData\Avira
2012-06-19 12:07:49 -------- d-----w- C:\Program Files (x86)\Avira
2012-06-17 23:56:55 3146752 ----a-w- C:\windows\System32\win32k.sys
2012-06-17 23:56:52 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-06-17 23:56:47 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-06-17 23:56:46 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-06-17 23:56:45 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-06-17 16:01:55 -------- d-----w- C:\Program Files (x86)\TimeAdjuster
.
==================== Find3M ====================
.
2012-06-26 22:38:54 103272 ----a-w- C:\Users\IF\GoToAssistDownloadHelper.exe
2012-06-25 05:20:56 839096 ----a-w- C:\windows\System32\deployJava1.dll
2012-05-24 02:32:12 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-24 02:32:12 419488 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-05-05 02:29:22 772504 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2012-05-05 02:29:16 687504 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-04-26 05:41:56 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-04-19 03:56:30 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 03:56:30 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts
.
============= FINISH: 11:46:07.36 ===============

Last edited by Ice4; 10-Jul-2012 at 02:16 PM.. Reason: posted before I finished subject line
Ice4 (thread starter)
11-Jul-2012, 03:46 AM #2
Replying to myself, in the hopes this doesn't get lost completely in the massive amount of posts. Still very concerned about the three 'warnings' that Avira never showed before, and which seem to be in a couple of program files.

I don't know if it's safe to use these programs now, or if I should uninstall them and reinstall fresh. There's also the file in the SysWOW64 folder. I'm also concerned about doing any banking or other vulnerable activity on the computer until I know the exploits are truly gone.

I'm sorry I was not able to attach a HiJackThis log, because of a couple of error messages that I didn't know what to do with, so I'm hoping someone could tell me what to do about that too. And I didn't do anything with GMER, because I'm on 64-bit, and my understanding from the instructions in the STICKY is that I have to skip that step. If that's wrong, please let me know.
Ice4 (thread starter)
11-Jul-2012, 10:46 PM #3
Since posting this, Avira now says that there are 6 Warnings, and today lists 1 Hidden object, as well as a Note. I did just install several Windows Updates, but otherwise I've not really done much on the computer. I am concerned that the Avira scan keeps finding more stuff, but is doing nothing about it. It never found any Warnings before the two exploits. I also noticed that the Avira Warnings are not the same files as what Kaspersky found as Vulnerabilities. Really hoping someone here can enlighten me as to what's going on.

This is the report from my last scan:

Avira Free Antivirus
Report file date: Wednesday, July 11, 2012 19:29

Scanning for 3862201 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 Home Premium
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : SYSTEM
Computer name : IF-PC

Version information:
BUILD.DAT : 12.0.0.1125 41829 Bytes 5/2/2012 17:40:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 5/2/2012 07:48:51
AVSCAN.DLL : 12.3.0.15 54736 Bytes 5/2/2012 22:31:39
LUKE.DLL : 12.3.0.15 68304 Bytes 5/2/2012 08:31:47
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 5/2/2012 07:13:36
AVREG.DLL : 12.3.0.17 232200 Bytes 6/19/2012 12:10:04
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 03:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 08:23:21
VBASE002.VDF : 7.11.19.170 14374912 Bytes 12/20/2011 08:32:24
VBASE003.VDF : 7.11.21.238 4472832 Bytes 2/1/2012 18:58:50
VBASE004.VDF : 7.11.26.44 4329472 Bytes 3/28/2012 19:43:53
VBASE005.VDF : 7.11.34.116 4034048 Bytes 6/29/2012 12:09:12
VBASE006.VDF : 7.11.34.117 2048 Bytes 6/29/2012 12:09:12
VBASE007.VDF : 7.11.34.118 2048 Bytes 6/29/2012 12:09:12
VBASE008.VDF : 7.11.34.119 2048 Bytes 6/29/2012 12:09:12
VBASE009.VDF : 7.11.34.120 2048 Bytes 6/29/2012 12:09:12
VBASE010.VDF : 7.11.34.121 2048 Bytes 6/29/2012 12:09:12
VBASE011.VDF : 7.11.34.122 2048 Bytes 6/29/2012 12:09:12
VBASE012.VDF : 7.11.34.123 2048 Bytes 6/29/2012 12:09:12
VBASE013.VDF : 7.11.34.124 2048 Bytes 6/29/2012 12:09:12
VBASE014.VDF : 7.11.34.201 169472 Bytes 7/2/2012 05:46:31
VBASE015.VDF : 7.11.35.19 122368 Bytes 7/4/2012 05:46:35
VBASE016.VDF : 7.11.35.87 146944 Bytes 7/6/2012 05:46:31
VBASE017.VDF : 7.11.35.143 126464 Bytes 7/9/2012 11:52:05
VBASE018.VDF : 7.11.35.144 2048 Bytes 7/9/2012 11:52:06
VBASE019.VDF : 7.11.35.145 2048 Bytes 7/9/2012 11:52:06
VBASE020.VDF : 7.11.35.146 2048 Bytes 7/9/2012 11:52:06
VBASE021.VDF : 7.11.35.147 2048 Bytes 7/9/2012 11:52:06
VBASE022.VDF : 7.11.35.148 2048 Bytes 7/9/2012 11:52:06
VBASE023.VDF : 7.11.35.149 2048 Bytes 7/9/2012 11:52:07
VBASE024.VDF : 7.11.35.150 2048 Bytes 7/9/2012 11:52:07
VBASE025.VDF : 7.11.35.151 2048 Bytes 7/9/2012 11:52:07
VBASE026.VDF : 7.11.35.152 2048 Bytes 7/9/2012 11:52:07
VBASE027.VDF : 7.11.35.153 2048 Bytes 7/9/2012 11:52:08
VBASE028.VDF : 7.11.35.154 2048 Bytes 7/9/2012 11:52:08
VBASE029.VDF : 7.11.35.155 2048 Bytes 7/9/2012 11:52:08
VBASE030.VDF : 7.11.35.156 2048 Bytes 7/9/2012 11:52:09
VBASE031.VDF : 7.11.35.232 143360 Bytes 7/11/2012 01:38:27
Engine version : 8.2.10.110
AEVDF.DLL : 8.1.2.10 102772 Bytes 7/10/2012 11:52:27
AESCRIPT.DLL : 8.1.4.32 455034 Bytes 7/6/2012 05:47:17
AESCN.DLL : 8.1.8.2 131444 Bytes 2/17/2012 01:11:36
AESBX.DLL : 8.2.5.12 606578 Bytes 6/19/2012 12:10:02
AERDL.DLL : 8.1.9.15 639348 Bytes 1/21/2012 08:22:40
AEPACK.DLL : 8.3.0.12 807286 Bytes 7/10/2012 11:52:25
AEOFFICE.DLL : 8.1.2.40 201082 Bytes 6/29/2012 12:09:25
AEHEUR.DLL : 8.1.4.64 5009782 Bytes 7/6/2012 05:47:14
AEHELP.DLL : 8.1.23.2 258422 Bytes 6/29/2012 12:09:15
AEGEN.DLL : 8.1.5.32 434548 Bytes 7/7/2012 05:46:37
AEEXP.DLL : 8.1.0.62 86389 Bytes 7/12/2012 01:38:28
AEEMU.DLL : 8.1.3.2 393587 Bytes 7/10/2012 11:52:18
AECORE.DLL : 8.1.27.2 201078 Bytes 7/10/2012 11:52:14
AEBB.DLL : 8.1.1.0 53618 Bytes 1/21/2012 08:22:35
AVWINLL.DLL : 12.3.0.15 27344 Bytes 5/2/2012 07:59:21
AVPREF.DLL : 12.3.0.15 51920 Bytes 5/2/2012 07:44:31
AVREP.DLL : 12.3.0.15 179208 Bytes 5/2/2012 07:13:35
AVARKT.DLL : 12.3.0.15 211408 Bytes 5/2/2012 07:21:32
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 5/2/2012 07:28:49
SQLITE3.DLL : 3.7.0.1 398288 Bytes 4/17/2012 06:11:02
AVSMTP.DLL : 12.3.0.15 63440 Bytes 5/2/2012 07:51:35
NETNT.DLL : 12.3.0.15 17104 Bytes 5/2/2012 08:33:29
RCIMAGE.DLL : 12.3.0.15 4450000 Bytes 5/2/2012 09:03:52
RCTEXT.DLL : 12.3.0.15 96720 Bytes 5/2/2012 22:40:44

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Logging.............................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, Q:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended

Start of the scan: Wednesday, July 11, 2012 19:29

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'Q:\'
[INFO] No virus was found!
[INFO] Please restart the search with Administrator rights

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'avscan.exe' - '89' Module(s) have been scanned
Scan process 'avcenter.exe' - '76' Module(s) have been scanned
Scan process 'UNS.exe' - '41' Module(s) have been scanned
Scan process 'LMS.exe' - '29' Module(s) have been scanned
Scan process 'IAStorDataMgrSvc.exe' - '47' Module(s) have been scanned
Scan process 'avgnt.exe' - '77' Module(s) have been scanned
Scan process 'IAStorIcon.exe' - '48' Module(s) have been scanned
Scan process 'kss.exe' - '86' Module(s) have been scanned
Scan process 'Kalender.exe' - '31' Module(s) have been scanned
Scan process 'STService.exe' - '55' Module(s) have been scanned
Scan process 'CVHSVC.EXE' - '60' Module(s) have been scanned
Scan process 'sftlist.exe' - '68' Module(s) have been scanned
Scan process 'sftvsa.exe' - '28' Module(s) have been scanned
Scan process 'sftservice.EXE' - '49' Module(s) have been scanned
Scan process 'kss.exe' - '131' Module(s) have been scanned
Scan process 'avguard.exe' - '69' Module(s) have been scanned
Scan process 'sched.exe' - '43' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '3792' files ).


Starting the file scan:

Begin scan in 'C:\' <OS>
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.dat
[WARNING] The file is password protected
C:\Program Files (x86)\InstallShield Installation Information\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}\SupportFiles.7z
[WARNING] The archive is password protected
C:\Program Files (x86)\OpenOffice.org 3\Basis\presets\config\standard.sob
[WARNING] Invalid compressed data
C:\Users\IF\AppData\Roaming\OpenOffice.org\3\user\config\standard.sob
[WARNING] Invalid compressed data
C:\Users\IF\Desktop\Installers\avira_free_antivirus_en.exe
[WARNING] The file is password protected
C:\Users\IF\Desktop\lide60vst6411111a_64en\lide60vst6411111a_64en\SetupSG.exe
[WARNING] Invalid compressed data
Begin scan in 'Q:\'
Search path Q:\ could not be opened!
System error [5]: Access is denied.


End of the scan: Wednesday, July 11, 2012 20:31
Used time: 1:01:22 Hour(s)

The scan has been done completely.

24869 Scanned directories
451820 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
451820 Files not concerned
3468 Archives were scanned
6 Warnings
1 Notes
656603 Objects were scanned with rootkit scan
1 Hidden objects were found