
Avira found hidden objects in my registry

Discussion in 'Virus & Other Malware Removal' started by digit77, Jan 22, 2013.

Thread Status:
Not open for further replies.
  1. digit77

    digit77 Thread Starter

    Joined:
    Jul 22, 2008
    Messages:
    13
    I run a system scan once a week with Avira. This week it threw up a hidden object when it did the 'Hidden objects search'. I'm pretty sure it found just one hidden object, then it advised me to restart my system and scan again, and it found 2 hidden items on the 2nd scan.

    I'm attaching the logfile to my post. Anybody have any suggestions on how to proceed?
     


  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,293
    Please copy and paste reports for easier viewing and reference. I'll paste it here.



    Avira Free Antivirus
    Report file date: 22 January 2013 16:47

    Scanning for 4704931 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available.

    Licensee : Avira Free Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows 7 Home Premium
    Windows version : (Service Pack 1) [6.1.7601]
    Boot mode : Normally booted
    Username : SYSTEM
    Computer name : JAMES-PC

    Version information:
    BUILD.DAT : 12.1.9.1236 40872 Bytes 11/10/2012 15:58:00
    AVSCAN.EXE : 12.3.0.48 468256 Bytes 14/11/2012 18:32:53
    AVSCAN.DLL : 12.3.0.15 54736 Bytes 08/05/2012 22:41:09
    LUKE.DLL : 12.3.0.15 68304 Bytes 08/05/2012 22:41:09
    AVSCPLR.DLL : 12.3.0.14 97032 Bytes 08/05/2012 22:41:10
    AVREG.DLL : 12.3.0.17 232200 Bytes 10/05/2012 22:37:15
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 19:18:34
    VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 10:07:39
    VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 18:03:29
    VBASE003.VDF : 7.11.21.238 4472832 Bytes 01/02/2012 22:38:49
    VBASE004.VDF : 7.11.26.44 4329472 Bytes 28/03/2012 14:20:16
    VBASE005.VDF : 7.11.34.116 4034048 Bytes 29/06/2012 20:41:24
    VBASE006.VDF : 7.11.41.250 4902400 Bytes 06/09/2012 22:55:19
    VBASE007.VDF : 7.11.50.230 3904512 Bytes 22/11/2012 19:18:47
    VBASE008.VDF : 7.11.55.142 2214912 Bytes 03/01/2013 21:19:37
    VBASE009.VDF : 7.11.55.143 2048 Bytes 03/01/2013 21:19:37
    VBASE010.VDF : 7.11.55.144 2048 Bytes 03/01/2013 21:19:37
    VBASE011.VDF : 7.11.55.145 2048 Bytes 03/01/2013 21:19:37
    VBASE012.VDF : 7.11.55.146 2048 Bytes 03/01/2013 21:19:37
    VBASE013.VDF : 7.11.55.196 260096 Bytes 04/01/2013 21:19:39
    VBASE014.VDF : 7.11.56.23 206848 Bytes 07/01/2013 18:00:43
    VBASE015.VDF : 7.11.56.83 186880 Bytes 08/01/2013 18:01:37
    VBASE016.VDF : 7.11.56.145 135168 Bytes 09/01/2013 18:02:14
    VBASE017.VDF : 7.11.56.211 139776 Bytes 11/01/2013 18:02:14
    VBASE018.VDF : 7.11.57.11 153088 Bytes 13/01/2013 18:02:29
    VBASE019.VDF : 7.11.57.75 165888 Bytes 15/01/2013 18:07:04
    VBASE020.VDF : 7.11.57.163 190976 Bytes 17/01/2013 18:07:05
    VBASE021.VDF : 7.11.57.219 119808 Bytes 18/01/2013 18:50:08
    VBASE022.VDF : 7.11.58.7 167936 Bytes 21/01/2013 18:50:10
    VBASE023.VDF : 7.11.58.8 2048 Bytes 21/01/2013 18:50:10
    VBASE024.VDF : 7.11.58.9 2048 Bytes 21/01/2013 18:50:10
    VBASE025.VDF : 7.11.58.10 2048 Bytes 21/01/2013 18:50:10
    VBASE026.VDF : 7.11.58.11 2048 Bytes 21/01/2013 18:50:11
    VBASE027.VDF : 7.11.58.12 2048 Bytes 21/01/2013 18:50:11
    VBASE028.VDF : 7.11.58.13 2048 Bytes 21/01/2013 18:50:11
    VBASE029.VDF : 7.11.58.14 2048 Bytes 21/01/2013 18:50:12
    VBASE030.VDF : 7.11.58.15 2048 Bytes 21/01/2013 18:50:12
    VBASE031.VDF : 7.11.58.26 62464 Bytes 21/01/2013 18:50:12
    Engine version : 8.2.10.236
    AEVDF.DLL : 8.1.2.10 102772 Bytes 10/07/2012 21:45:25
    AESCRIPT.DLL : 8.1.4.82 467323 Bytes 17/01/2013 18:07:08
    AESCN.DLL : 8.1.10.0 131445 Bytes 13/12/2012 20:41:41
    AESBX.DLL : 8.2.5.12 606578 Bytes 14/06/2012 20:45:02
    AERDL.DLL : 8.2.0.88 643444 Bytes 10/01/2013 18:02:31
    AEPACK.DLL : 8.3.1.2 819574 Bytes 20/12/2012 20:41:49
    AEOFFICE.DLL : 8.1.2.50 201084 Bytes 05/11/2012 18:33:14
    AEHEUR.DLL : 8.1.4.180 5665144 Bytes 21/01/2013 18:50:26
    AEHELP.DLL : 8.1.25.2 258423 Bytes 13/10/2012 10:10:43
    AEGEN.DLL : 8.1.6.14 434548 Bytes 10/01/2013 18:02:20
    AEEXP.DLL : 8.3.0.12 188789 Bytes 21/01/2013 18:50:26
    AEEMU.DLL : 8.1.3.2 393587 Bytes 10/07/2012 21:45:23
    AECORE.DLL : 8.1.30.0 201079 Bytes 13/12/2012 20:41:30
    AEBB.DLL : 8.1.1.4 53619 Bytes 05/11/2012 18:32:33
    AVWINLL.DLL : 12.3.0.15 27344 Bytes 08/05/2012 22:41:09
    AVPREF.DLL : 12.3.0.32 50720 Bytes 14/11/2012 18:32:52
    AVREP.DLL : 12.3.0.15 179208 Bytes 08/05/2012 22:41:10
    AVARKT.DLL : 12.3.0.33 209696 Bytes 14/11/2012 18:32:51
    AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 08/05/2012 22:41:09
    SQLITE3.DLL : 3.7.0.1 398288 Bytes 08/05/2012 22:41:09
    AVSMTP.DLL : 12.3.0.32 63480 Bytes 08/08/2012 22:06:31
    NETNT.DLL : 12.3.0.15 17104 Bytes 08/05/2012 22:41:09
    RCIMAGE.DLL : 12.3.0.31 4445944 Bytes 08/08/2012 22:06:01
    RCTEXT.DLL : 12.3.0.32 97056 Bytes 14/11/2012 18:32:45

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\AVSCAN-20130122-164322-52C81AA3.avp
    Logging.............................: default
    Primary action......................: Interactive
    Secondary action....................: Ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:, D:,
    Process scan........................: on
    Extended process scan...............: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: extended

    Start of the scan: 22 January 2013 16:47

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting search for hidden objects.
    HKEY_USERS\S-1-5-21-1782297335-1938775777-2195318004-1000\Software\Avira\AntiVir Desktop\profDataStr
    [NOTE] The registry entry is invisible.
    Hidden driver
    [NOTE] A memory modification has been detected, which could potentially be used to hide file access attempts.

    The scan of running processes will be started
    Scan process 'chrome.exe' - '39' Module(s) have been scanned
    Scan process 'chrome.exe' - '39' Module(s) have been scanned
    Scan process 'chrome.exe' - '39' Module(s) have been scanned
    Scan process 'ymsgr_tray.exe' - '35' Module(s) have been scanned
    Scan process 'chrome.exe' - '39' Module(s) have been scanned
    Scan process 'chrome.exe' - '39' Module(s) have been scanned
    Scan process 'chrome.exe' - '50' Module(s) have been scanned
    Scan process 'chrome.exe' - '39' Module(s) have been scanned
    Scan process 'chrome.exe' - '39' Module(s) have been scanned
    Scan process 'chrome.exe' - '39' Module(s) have been scanned
    Scan process 'chrome.exe' - '39' Module(s) have been scanned
    Scan process 'chrome.exe' - '39' Module(s) have been scanned
    Scan process 'chrome.exe' - '64' Module(s) have been scanned
    Scan process 'chrome.exe' - '100' Module(s) have been scanned
    Scan process 'jusched.exe' - '25' Module(s) have been scanned
    Scan process 'YahooAUService.exe' - '48' Module(s) have been scanned
    Scan process 'iTunesHelper.exe' - '71' Module(s) have been scanned
    Scan process 'issch.exe' - '40' Module(s) have been scanned
    Scan process 'postgres.exe' - '37' Module(s) have been scanned
    Scan process 'postgres.exe' - '37' Module(s) have been scanned
    Scan process 'postgres.exe' - '37' Module(s) have been scanned
    Scan process 'postgres.exe' - '37' Module(s) have been scanned
    Scan process 'postgres.exe' - '47' Module(s) have been scanned
    Scan process 'pg_ctl.exe' - '41' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '63' Module(s) have been scanned
    Scan process 'hpqSRMon.exe' - '30' Module(s) have been scanned
    Scan process 'avscan.exe' - '89' Module(s) have been scanned
    Scan process 'avcenter.exe' - '82' Module(s) have been scanned
    Scan process 'openvpntray.exe' - '45' Module(s) have been scanned
    Scan process 'avgnt.exe' - '82' Module(s) have been scanned
    Scan process 'flux.exe' - '53' Module(s) have been scanned
    Scan process 'DCSHelper.exe' - '28' Module(s) have been scanned
    Scan process 'OpenTFTPServerMT.exe' - '23' Module(s) have been scanned
    Scan process 'ouc.exe' - '26' Module(s) have been scanned
    Scan process 'mbbservice.exe' - '32' Module(s) have been scanned
    Scan process 'hsswd.exe' - '36' Module(s) have been scanned
    Scan process 'hsssrv.exe' - '36' Module(s) have been scanned
    Scan process 'openvpnas.exe' - '44' Module(s) have been scanned
    Scan process 'avguard.exe' - '62' Module(s) have been scanned
    Scan process 'sched.exe' - '42' Module(s) have been scanned


    End of the scan: 22 January 2013 17:21
    Used time: 34:19 Minute(s)

    The scan has been done completely.

    0 Scanned directories
    1832 Files were scanned
    0 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 Files were deleted
    0 Viruses and unwanted programs were repaired
    0 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    1832 Files not concerned
    0 Archives were scanned
    0 Warnings
    2 Notes
    1069687 Objects were scanned with rootkit scan
    2 Hidden objects were found
     
  3. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    113,293
    The first one is related to Avira so it's basically detecting itself.

    The second may be related to Avira as well but it's not specified.

    Please download GMER from: http://www.gmer.net

    Click on the "Download EXE" button and save the randomly named .exe file to your desktop.

    Note: You must uninstall any CD Emulation programs that you have before running GMER as they can cause conflicts and give false results.

    Double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

    If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are unchecked on the right-hand side:

    IAT/EAT
    Any drive letter other than the primary system drive (which is generally C).

    Click the Scan button and when the scan is finished, click Save and save the log in Notepad with the name ark.txt to your desktop.

    Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze. You should disable your screen saver as if it comes on it may cause the program to freeze.

    Open the ark.txt file and copy and paste the contents of the log here please.
     

Short URL to this thread: https://techguy.org/1086413
