
'Warnings' after Avira removed EXP/2011-3544.DL.1 and EXP/CVE-2012-0507

Discussion in 'Virus & Other Malware Removal' started by Ice4, Jul 10, 2012.

  1. Ice4 (Thread Starter, joined Oct 8, 2007, 131 messages)

    I've been trying to get various things to work on my new computer (Windows 7 64-bit) and apparently caught something in the process, or possibly when I was downloading a video, which is when I first noticed a problem.

    All of a sudden Firefox became unresponsive, then the entire computer stopped responding. I unplugged from the internet, and tried to shut down the computer, but couldn't. I tried CTRL/ALT/Delete, but nothing happened. I finally held down the power button and got it to turn off.

    After rebooting this happened again, and this time it didn't seem to shut all the way down. A light was still on, until I unplugged the computer, and took out the battery.

    I did a scan with Avira, which found two files, with a total of 9 problems, and quarantined them. It also found three 'warnings' but didn't do anything about them. So I ran the Kaspersky online scanner, and it also found three 'vulnerabilities'. I'm pasting the event log entries of Avira and the log from the Kaspersky scanner below. I also ran an MBAM scan which didn't find anything.



    I tried to run HiJackThis, but got a couple of error messages:

    >>
    For some reason your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this.

    If that happens, you need to edit the file yourself. To do this, click Start, Run and type:

    notepad C:\windows\System32\drivers\etc\hosts

    and press Enter. Find the line(s) HijackThis reports and delete them.
    Save the file as 'hosts.'(with quotes), and reboot.

    For Vista: simply, exit HijackThis, right click on the HijackThis icon, choose 'Run as administrator'.
    <<

    After I clicked OK, it said:

    >>
    Cannot find the C:\Program Files (x96)\Trend Micro\HijackThis\hijackthis.log file.

    Do you want to create a new file?
    <<

    I didn't know what this meant, so said No for now. I thought maybe I could then copy and paste the results, but it wouldn't let me. Could someone walk me through this, if still necessary after I paste all the other info?

    Would greatly appreciate some help with this.





    These are the two items from the Avira event log:

    The file 'C:\Users\IF\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\9a26541-669615cd' contained a virus or unwanted program 'EXP/2011-3544.DL.1' [exploit]
    Action(s) taken: The file was moved to the quarantine directory under the name '4d26d232.qua'.

    The file 'C:\Users\IF\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\51d8537b-488bf94f' contained a virus or unwanted program 'EXP/CVE-2012-0507' [exploit]
    Action(s) taken: The file was moved to the quarantine directory under the name '55c3fd45.qua'.





    This is what Kaspersky online scanner said:

    Vulnerabilities (3)
    1. C:\Program Files (x86)\DVD Flick\imgburn\imgburn.exe
    2. C:\Program Files (x86)\GIMP-2.0\bin\libgtk-win32-2.0-0.dll
    3. C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

    Other issues (11)
    1. "Autorun from hard drives is allowed"
    2. "Autorun from network drives is enabled"
    3. "CD/DVD autorun is enabled"
    4. "Removable media autorun is enabled"
    5. "Microsoft Internet Explorer: clear history of typed URLs"
    6. "Microsoft Internet Explorer - disable caching data received via protected channel"
    7. "Microsoft Internet Explorer: disable sending error reports"
    8. "Microsoft Internet Explorer: clear list of pop-up blocker exceptions"
    9. "Microsoft Internet Explorer: enable cache autocleanup on browser closing"
    10. "Windows Explorer: display of known file types extensions is disabled"
    11. "Microsoft Internet Explorer: start page reset"





    These are the DDS files:









     
  2. Ice4

    Replying to myself, in the hopes this doesn't get lost completely in the massive amount of posts. Still very concerned about the three 'warnings' that Avira never showed before, and which seem to be in a couple of program files.

    I don't know if it's safe to use these programs now, or if I should uninstall them and reinstall fresh. There's also the file in the SysWOW64 folder. I'm also concerned about doing any banking or other vulnerable activity on the computer until I know the exploits are truly gone.

    I'm sorry I was not able to attach a HiJackThis log, because of a couple of error messages that I didn't know what to do with, so I'm hoping someone could tell me what to do about that too. And I didn't do anything with GMER, because I'm on 64-bit, and my understanding from the instructions in the STICKY is that I have to skip that step. If that's wrong, please let me know.
     
  3. Ice4

    Since posting this, Avira now says that there are 6 Warnings, and today lists 1 Hidden object, as well as a Note. I did just install several Windows Updates, but otherwise I've not really done much on the computer. I am concerned that the Avira scan keeps finding more stuff, but is doing nothing about it. It never found any Warnings before the two exploits. I also noticed that the Avira Warnings are not the same files as what Kaspersky found as Vulnerabilities. Really hoping someone here can enlighten me as to what's going on.

    This is the report from my last scan:

    Avira Free Antivirus
    Report file date: Wednesday, July 11, 2012 19:29

    Scanning for 3862201 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available.

    Licensee : Avira AntiVir Personal - Free Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows 7 Home Premium
    Windows version : (Service Pack 1) [6.1.7601]
    Boot mode : Normally booted
    Username : SYSTEM
    Computer name : IF-PC

    Version information:
    BUILD.DAT : 12.0.0.1125 41829 Bytes 5/2/2012 17:40:00
    AVSCAN.EXE : 12.3.0.15 466896 Bytes 5/2/2012 07:48:51
    AVSCAN.DLL : 12.3.0.15 54736 Bytes 5/2/2012 22:31:39
    LUKE.DLL : 12.3.0.15 68304 Bytes 5/2/2012 08:31:47
    AVSCPLR.DLL : 12.3.0.14 97032 Bytes 5/2/2012 07:13:36
    AVREG.DLL : 12.3.0.17 232200 Bytes 6/19/2012 12:10:04
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 03:18:34
    VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 08:23:21
    VBASE002.VDF : 7.11.19.170 14374912 Bytes 12/20/2011 08:32:24
    VBASE003.VDF : 7.11.21.238 4472832 Bytes 2/1/2012 18:58:50
    VBASE004.VDF : 7.11.26.44 4329472 Bytes 3/28/2012 19:43:53
    VBASE005.VDF : 7.11.34.116 4034048 Bytes 6/29/2012 12:09:12
    VBASE006.VDF : 7.11.34.117 2048 Bytes 6/29/2012 12:09:12
    VBASE007.VDF : 7.11.34.118 2048 Bytes 6/29/2012 12:09:12
    VBASE008.VDF : 7.11.34.119 2048 Bytes 6/29/2012 12:09:12
    VBASE009.VDF : 7.11.34.120 2048 Bytes 6/29/2012 12:09:12
    VBASE010.VDF : 7.11.34.121 2048 Bytes 6/29/2012 12:09:12
    VBASE011.VDF : 7.11.34.122 2048 Bytes 6/29/2012 12:09:12
    VBASE012.VDF : 7.11.34.123 2048 Bytes 6/29/2012 12:09:12
    VBASE013.VDF : 7.11.34.124 2048 Bytes 6/29/2012 12:09:12
    VBASE014.VDF : 7.11.34.201 169472 Bytes 7/2/2012 05:46:31
    VBASE015.VDF : 7.11.35.19 122368 Bytes 7/4/2012 05:46:35
    VBASE016.VDF : 7.11.35.87 146944 Bytes 7/6/2012 05:46:31
    VBASE017.VDF : 7.11.35.143 126464 Bytes 7/9/2012 11:52:05
    VBASE018.VDF : 7.11.35.144 2048 Bytes 7/9/2012 11:52:06
    VBASE019.VDF : 7.11.35.145 2048 Bytes 7/9/2012 11:52:06
    VBASE020.VDF : 7.11.35.146 2048 Bytes 7/9/2012 11:52:06
    VBASE021.VDF : 7.11.35.147 2048 Bytes 7/9/2012 11:52:06
    VBASE022.VDF : 7.11.35.148 2048 Bytes 7/9/2012 11:52:06
    VBASE023.VDF : 7.11.35.149 2048 Bytes 7/9/2012 11:52:07
    VBASE024.VDF : 7.11.35.150 2048 Bytes 7/9/2012 11:52:07
    VBASE025.VDF : 7.11.35.151 2048 Bytes 7/9/2012 11:52:07
    VBASE026.VDF : 7.11.35.152 2048 Bytes 7/9/2012 11:52:07
    VBASE027.VDF : 7.11.35.153 2048 Bytes 7/9/2012 11:52:08
    VBASE028.VDF : 7.11.35.154 2048 Bytes 7/9/2012 11:52:08
    VBASE029.VDF : 7.11.35.155 2048 Bytes 7/9/2012 11:52:08
    VBASE030.VDF : 7.11.35.156 2048 Bytes 7/9/2012 11:52:09
    VBASE031.VDF : 7.11.35.232 143360 Bytes 7/11/2012 01:38:27
    Engine version : 8.2.10.110
    AEVDF.DLL : 8.1.2.10 102772 Bytes 7/10/2012 11:52:27
    AESCRIPT.DLL : 8.1.4.32 455034 Bytes 7/6/2012 05:47:17
    AESCN.DLL : 8.1.8.2 131444 Bytes 2/17/2012 01:11:36
    AESBX.DLL : 8.2.5.12 606578 Bytes 6/19/2012 12:10:02
    AERDL.DLL : 8.1.9.15 639348 Bytes 1/21/2012 08:22:40
    AEPACK.DLL : 8.3.0.12 807286 Bytes 7/10/2012 11:52:25
    AEOFFICE.DLL : 8.1.2.40 201082 Bytes 6/29/2012 12:09:25
    AEHEUR.DLL : 8.1.4.64 5009782 Bytes 7/6/2012 05:47:14
    AEHELP.DLL : 8.1.23.2 258422 Bytes 6/29/2012 12:09:15
    AEGEN.DLL : 8.1.5.32 434548 Bytes 7/7/2012 05:46:37
    AEEXP.DLL : 8.1.0.62 86389 Bytes 7/12/2012 01:38:28
    AEEMU.DLL : 8.1.3.2 393587 Bytes 7/10/2012 11:52:18
    AECORE.DLL : 8.1.27.2 201078 Bytes 7/10/2012 11:52:14
    AEBB.DLL : 8.1.1.0 53618 Bytes 1/21/2012 08:22:35
    AVWINLL.DLL : 12.3.0.15 27344 Bytes 5/2/2012 07:59:21
    AVPREF.DLL : 12.3.0.15 51920 Bytes 5/2/2012 07:44:31
    AVREP.DLL : 12.3.0.15 179208 Bytes 5/2/2012 07:13:35
    AVARKT.DLL : 12.3.0.15 211408 Bytes 5/2/2012 07:21:32
    AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 5/2/2012 07:28:49
    SQLITE3.DLL : 3.7.0.1 398288 Bytes 4/17/2012 06:11:02
    AVSMTP.DLL : 12.3.0.15 63440 Bytes 5/2/2012 07:51:35
    NETNT.DLL : 12.3.0.15 17104 Bytes 5/2/2012 08:33:29
    RCIMAGE.DLL : 12.3.0.15 4450000 Bytes 5/2/2012 09:03:52
    RCTEXT.DLL : 12.3.0.15 96720 Bytes 5/2/2012 22:40:44

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
    Logging.............................: default
    Primary action......................: Interactive
    Secondary action....................: Ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:, Q:,
    Process scan........................: on
    Extended process scan...............: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: extended

    Start of the scan: Wednesday, July 11, 2012 19:29

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'Q:\'
    [INFO] No virus was found!
    [INFO] Please restart the search with Administrator rights

    Starting search for hidden objects.
    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization
    [NOTE] The registry entry is invisible.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '89' Module(s) have been scanned
    Scan process 'avcenter.exe' - '76' Module(s) have been scanned
    Scan process 'UNS.exe' - '41' Module(s) have been scanned
    Scan process 'LMS.exe' - '29' Module(s) have been scanned
    Scan process 'IAStorDataMgrSvc.exe' - '47' Module(s) have been scanned
    Scan process 'avgnt.exe' - '77' Module(s) have been scanned
    Scan process 'IAStorIcon.exe' - '48' Module(s) have been scanned
    Scan process 'kss.exe' - '86' Module(s) have been scanned
    Scan process 'Kalender.exe' - '31' Module(s) have been scanned
    Scan process 'STService.exe' - '55' Module(s) have been scanned
    Scan process 'CVHSVC.EXE' - '60' Module(s) have been scanned
    Scan process 'sftlist.exe' - '68' Module(s) have been scanned
    Scan process 'sftvsa.exe' - '28' Module(s) have been scanned
    Scan process 'sftservice.EXE' - '49' Module(s) have been scanned
    Scan process 'kss.exe' - '131' Module(s) have been scanned
    Scan process 'avguard.exe' - '69' Module(s) have been scanned
    Scan process 'sched.exe' - '43' Module(s) have been scanned

    Starting to scan executable files (registry).
    The registry was scanned ( '3792' files ).


    Starting the file scan:

    Begin scan in 'C:\' <OS>
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.dat
    [WARNING] The file is password protected
    C:\Program Files (x86)\InstallShield Installation Information\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}\SupportFiles.7z
    [WARNING] The archive is password protected
    C:\Program Files (x86)\OpenOffice.org 3\Basis\presets\config\standard.sob
    [WARNING] Invalid compressed data
    C:\Users\IF\AppData\Roaming\OpenOffice.org\3\user\config\standard.sob
    [WARNING] Invalid compressed data
    C:\Users\IF\Desktop\Installers\avira_free_antivirus_en.exe
    [WARNING] The file is password protected
    C:\Users\IF\Desktop\lide60vst6411111a_64en\lide60vst6411111a_64en\SetupSG.exe
    [WARNING] Invalid compressed data
    Begin scan in 'Q:\'
    Search path Q:\ could not be opened!
    System error [5]: Access is denied.


    End of the scan: Wednesday, July 11, 2012 20:31
    Used time: 1:01:22 Hour(s)

    The scan has been done completely.

    24869 Scanned directories
    451820 Files were scanned
    0 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 Files were deleted
    0 Viruses and unwanted programs were repaired
    0 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    451820 Files not concerned
    3468 Archives were scanned
    6 Warnings
    1 Notes
    656603 Objects were scanned with rootkit scan
    1 Hidden objects were found
     
Short URL to this thread: https://techguy.org/1060433