TechSpot

[Closed] 8 steps ... will update as it goes

By misschievous
Oct 16, 2010
  1. DL Avira Free ... installed ... run ... here is the log



    Avira AntiVir Personal
    Report file date: Saturday, October 16, 2010 13:09

    Scanning for 2939810 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available:

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows Vista
    Windows version : (Service Pack 2) [6.0.6002]
    Boot mode : Normally booted
    Username : SYSTEM
    Computer name : KJOLT1

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:, D:,
    Process scan........................: on
    Extended process scan...............: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium

    Start of the scan: Saturday, October 16, 2010 13:09

    Starting search for hidden objects.
    c:\windows\system32\regsvr32.exe
    c:\Windows\System32\regsvr32.exe
    [NOTE] The process is not visible.

    The scan of running processes will be started
    Scan process 'Solitaire.exe' - '77' Module(s) have been scanned
    Scan process 'iexplore.exe' - '163' Module(s) have been scanned
    Scan process 'svchost.exe' - '34' Module(s) have been scanned
    Scan process 'vssvc.exe' - '53' Module(s) have been scanned
    Scan process 'avscan.exe' - '83' Module(s) have been scanned
    Scan process 'avcenter.exe' - '110' Module(s) have been scanned
    Scan process 'svchost.exe' - '33' Module(s) have been scanned
    Scan process 'avgnt.exe' - '60' Module(s) have been scanned
    Scan process 'sched.exe' - '58' Module(s) have been scanned
    Scan process 'avshadow.exe' - '37' Module(s) have been scanned
    Scan process 'avguard.exe' - '69' Module(s) have been scanned
    Scan process 'iexplore.exe' - '166' Module(s) have been scanned
    Scan process 'iexplore.exe' - '86' Module(s) have been scanned
    Scan process 'Taskmgr.exe' - '64' Module(s) have been scanned
    Scan process 'hphc_service.exe' - '32' Module(s) have been scanned
    Scan process 'hpswp_clipbook.exe' - '37' Module(s) have been scanned
    Scan process 'hpqgpc01.exe' - '49' Module(s) have been scanned
    Scan process 'hpqbam08.exe' - '31' Module(s) have been scanned
    Scan process 'hpqSTE08.exe' - '67' Module(s) have been scanned
    Scan process 'ehmsas.exe' - '31' Module(s) have been scanned
    Scan process 'xaudio.exe' - '21' Module(s) have been scanned
    Scan process 'SearchIndexer.exe' - '64' Module(s) have been scanned
    Scan process 'svchost.exe' - '34' Module(s) have been scanned
    Scan process 'SynTPEnh.exe' - '34' Module(s) have been scanned
    Scan process 'svchost.exe' - '53' Module(s) have been scanned
    Scan process 'hpqtra08.exe' - '97' Module(s) have been scanned
    Scan process 'sidebar.exe' - '60' Module(s) have been scanned
    Scan process 'ehtray.exe' - '34' Module(s) have been scanned
    Scan process 'realsched.exe' - '39' Module(s) have been scanned
    Scan process 'hpwuSchd2.exe' - '26' Module(s) have been scanned
    Scan process 'SynTPStart.exe' - '31' Module(s) have been scanned
    Scan process 'SeaPort.exe' - '61' Module(s) have been scanned
    Scan process 'RichVideo.exe' - '24' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '135' Module(s) have been scanned
    Scan process 'mozybackup.exe' - '30' Module(s) have been scanned
    Scan process 'Dwm.exe' - '37' Module(s) have been scanned
    Scan process 'QPCapSvc.exe' - '83' Module(s) have been scanned
    Scan process 'svchost.exe' - '46' Module(s) have been scanned
    Scan process 'svchost.exe' - '31' Module(s) have been scanned
    Scan process 'mozybackup.exe' - '50' Module(s) have been scanned
    Scan process 'MDM.EXE' - '27' Module(s) have been scanned
    Scan process 'taskeng.exe' - '84' Module(s) have been scanned
    Scan process 'LSSrvc.exe' - '28' Module(s) have been scanned
    Scan process 'svchost.exe' - '47' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '36' Module(s) have been scanned
    Scan process 'rundll32.exe' - '64' Module(s) have been scanned
    Scan process 'svchost.exe' - '61' Module(s) have been scanned
    Scan process 'taskeng.exe' - '53' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '112' Module(s) have been scanned
    Scan process 'WLANExt.exe' - '47' Module(s) have been scanned
    Scan process 'svchost.exe' - '103' Module(s) have been scanned
    Scan process 'rundll32.exe' - '47' Module(s) have been scanned
    Scan process 'svchost.exe' - '95' Module(s) have been scanned
    Scan process 'SLsvc.exe' - '29' Module(s) have been scanned
    Scan process 'svchost.exe' - '43' Module(s) have been scanned
    Scan process 'AUDIODG.EXE' - '48' Module(s) have been scanned
    Scan process 'svchost.exe' - '149' Module(s) have been scanned
    Scan process 'svchost.exe' - '122' Module(s) have been scanned
    Scan process 'svchost.exe' - '77' Module(s) have been scanned
    Scan process 'svchost.exe' - '46' Module(s) have been scanned
    Scan process 'nvvsvc.exe' - '29' Module(s) have been scanned
    Scan process 'svchost.exe' - '51' Module(s) have been scanned
    Scan process 'winlogon.exe' - '44' Module(s) have been scanned
    Scan process 'lsm.exe' - '30' Module(s) have been scanned
    Scan process 'lsass.exe' - '68' Module(s) have been scanned
    Scan process 'services.exe' - '41' Module(s) have been scanned
    Scan process 'csrss.exe' - '14' Module(s) have been scanned
    Scan process 'wininit.exe' - '34' Module(s) have been scanned
    Scan process 'csrss.exe' - '14' Module(s) have been scanned
    Scan process 'smss.exe' - '2' Module(s) have been scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan executable files (registry).
    C:\Program Files\Dogpile Toolbar\Helper.dll
    [DETECTION] Is the TR/Agent.219648.E Trojan

    The registry was scanned ( '1922' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\$RECYCLE.BIN\S-1-5-21-3672029275-632256824-2228662446-1000\$RNGE8E3.exe
    [DETECTION] Is the TR/FraudPack.bjxo Trojan
    C:\Program Files\Dogpile Toolbar\Helper.dll
    [DETECTION] Is the TR/Agent.219648.E Trojan
    C:\ProgramData\WildTangent\My HP Game Console\Downloads\en-us\Installers\fliporflop-setup.exe
    [0] Archive type: NSIS
    [DETECTION] Is the TR/Peed.877168 Trojan
    --> [ProgramFilesDir]/HP Games/Flip Or Flop/FlipOrFlop-WT.exe
    [DETECTION] Is the TR/Peed.877168 Trojan
    C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\2478564f-415313a2
    [0] Archive type: ZIP
    [DETECTION] Contains recognition pattern of the JAVA/Agent.EX Java virus
    --> a0ee3d65141.class
    [DETECTION] Contains recognition pattern of the JAVA/Agent.EX Java virus
    --> a4cb9b1a8a5.class
    [DETECTION] Contains recognition pattern of the JAVA/Agent.EY Java virus
    --> a66d578f084.class
    [DETECTION] Contains recognition pattern of the JAVA/Agent.EZ Java virus
    --> aa79d1019d8.class
    [DETECTION] Contains recognition pattern of the JAVA/Agent.FB Java virus
    --> ab16db71cdc.class
    [DETECTION] Contains recognition pattern of the JAVA/Agent.FH Java virus
    --> ab5601d4848.class
    [DETECTION] Contains recognition pattern of the JAVA/Agent.FI Java virus
    --> ae28546890f.class
    [DETECTION] Contains recognition pattern of the JAVA/Agent.FJ Java virus
    --> af439f03798.class
    [DETECTION] Contains recognition pattern of the JAVA/Agent.FK Java virus
    C:\Users\owner\Desktop\YahDecode.exe
    [DETECTION] Is the TR/Rozena.gpv Trojan
    C:\Windows\Fnicea.exe
    [DETECTION] Is the TR/Crypt.EPACK.Gen2 Trojan
    C:\Windows\Temp\3g7iQGMY.sys
    [DETECTION] Contains recognition pattern of the RKIT/TDss.D root kit
    Begin scan in 'D:\' <HP_RECOVERY>

    Beginning disinfection:
    C:\Windows\Temp\3g7iQGMY.sys
    [DETECTION] Contains recognition pattern of the RKIT/TDss.D root kit
    [NOTE] The file was moved to the quarantine directory under the name '48579ac9.qua'.
    C:\Windows\Fnicea.exe
    [DETECTION] Is the TR/Crypt.EPACK.Gen2 Trojan
    [NOTE] The file was moved to the quarantine directory under the name '5112b565.qua'.
    C:\Users\owner\Desktop\YahDecode.exe
    [DETECTION] Is the TR/Rozena.gpv Trojan
    [NOTE] The file was moved to the quarantine directory under the name '034cefb8.qua'.
    C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\2478564f-415313a2
    [DETECTION] Contains recognition pattern of the JAVA/Agent.FK Java virus
    [NOTE] The file was moved to the quarantine directory under the name '64a8a009.qua'.
    C:\ProgramData\WildTangent\My HP Game Console\Downloads\en-us\Installers\fliporflop-setup.exe
    [DETECTION] Is the TR/Peed.877168 Trojan
    [NOTE] The file was moved to the quarantine directory under the name '20fe8d7f.qua'.
    C:\$RECYCLE.BIN\S-1-5-21-3672029275-632256824-2228662446-1000\$RNGE8E3.exe
    [DETECTION] Is the TR/FraudPack.bjxo Trojan
    [NOTE] The file was moved to the quarantine directory under the name '5fceb544.qua'.
    C:\Program Files\Dogpile Toolbar\Helper.dll
    [DETECTION] Is the TR/Agent.219648.E Trojan
    [NOTE] The registration entry <HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlSearchHooks\{19A0F032-27D7-4227-BBB5-51AA9E5904F5}> was removed successfully.
    [WARNING] The file could not be copied to quarantine!
    [WARNING] The file does not exist!
    [NOTE] The registration entry <HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlSearchHooks\{19A0F032-27D7-4227-BBB5-51AA9E5904F5}> was removed successfully.
    [NOTE] The file is scheduled for deleting after reboot.
    The repair notes were written to the file 'C:\avrescue\rescue.avp'.
     
Topic Status:
Not open for further replies.
