Hello and thank you in advance for your help.
I was receiving help from bobbye on this and he believed I have a boot-kit malware infection. I went on vacation, so he temporarily closed the thread, and I cannot send a private message due to my number of posts, so I am opening a new one.
I have a Dell Latitude D810 running Windows XP Professional.
OS Name Microsoft Windows XP Professional
Version 5.1.2600 Service Pack 3 Build 2600
OS Manufacturer Microsoft Corporation
System Manufacturer Dell Inc.
System Model Latitude D810
System Type X86-based PC
Processor x86 Family 6 Model 13 Stepping 8 GenuineIntel ~2261 Mhz
BIOS Version/Date Dell Inc. A04, 9/30/2005
SMBIOS Version 2.3
Windows Directory C:\WINDOWS
System Directory C:\WINDOWS\system32
Boot Device \Device\HarddiskVolume2
Locale United States
Hardware Abstraction Layer Version = "5.1.2600.5512 (xpsp.080413-2111)"
User Name PPSO-D1G5MW81\John
Time Zone Central Daylight Time
Total Physical Memory 1,024.00 MB
Available Physical Memory 248.72 MB
Total Virtual Memory 2.00 GB
Available Virtual Memory 1.96 GB
Page File Space 2.40 GB
Page File C:\pagefile.sys
I believe I have some type of virus/infection. The symptoms I am noticing are that in Firefox, during a Google search, if I click a link in the search results I get redirected to different pages. On a mouse-over of a link it shows "adwords onlinesecure..." Also, at times I get the blue screen and dumping memory message.
I have done the following so far. I ran Malwarebytes and cleaned several items a few weeks ago but continue to get no viruses found since; I ran Avira and cleaned one virus, again a few weeks ago, and since then I get no viruses found.
Upon reading on this site tonight I followed the steps listed for virus removal.
1.) Ran Malwarebytes - Log attached
2.) Ran Avira - Log attached
3.) Ran GMER - Log attached
4.) Ran DDS - Logs attached
6.) Ran ComboFix - Log attached
7.) Ran ESET - Log attached
I did not download and run hijack log; please let me know if it is needed.
===========================================
Database version: 4382
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11
8/2/2010 6:18:28 PM
mbam-log-2010-08-02 (18-18-28).txt
Scan type: Full scan (C:\|)
Objects scanned: 311520
Time elapsed: 1 hour(s), 21 minute(s), 53 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
================================================
Avira AntiVir Personal
Report file date: Monday, August 02, 2010 18:25
Scanning for 2670451 virus strains and unwanted programs.
The program is running as an unrestricted full version.
Online services are available:
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : PPSO-D1G5MW81
Version information:
Engineversion : 8.2.4.32
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: repair
Secondary action....................: delete
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+PCK,+PFS,+SPR,
Start of the scan: Monday, August 02, 2010 18:25
Starting search for hidden objects.
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\RNG\seed
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\SchedulingAgent\lasttaskrun
[NOTE] The registry entry is invisible.
The scan of running processes will be started
Scan process 'msdtc.exe' - '43' Module(s) have been scanned
Scan process 'dllhost.exe' - '61' Module(s) have been scanned
Scan process 'dllhost.exe' - '48' Module(s) have been scanned
Scan process 'vssvc.exe' - '51' Module(s) have been scanned
Scan process 'avscan.exe' - '67' Module(s) have been scanned
Scan process 'NOTEPAD.EXE' - '27' Module(s) have been scanned
Scan process 'plugin-container.exe' - '70' Module(s) have been scanned
Scan process 'firefox.exe' - '114' Module(s) have been scanned
Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
Scan process 'realsched.exe' - '42' Module(s) have been scanned
Scan process 'jusched.exe' - '24' Module(s) have been scanned
Scan process 'avgnt.exe' - '57' Module(s) have been scanned
Scan process 'alg.exe' - '36' Module(s) have been scanned
Scan process 'YahooAUService.exe' - '44' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '47' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '56' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '56' Module(s) have been scanned
Scan process 'UStorSrv.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'NICCONFIGSVC.exe' - '44' Module(s) have been scanned
Scan process 'avshadow.exe' - '33' Module(s) have been scanned
Scan process 'MDM.EXE' - '27' Module(s) have been scanned
Scan process 'jqs.exe' - '33' Module(s) have been scanned
Scan process 'Iap.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '37' Module(s) have been scanned
Scan process 'avguard.exe' - '54' Module(s) have been scanned
Scan process 'Explorer.EXE' - '103' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '28' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'sched.exe' - '49' Module(s) have been scanned
Scan process 'SCardSvr.exe' - '23' Module(s) have been scanned
Scan process 'spoolsv.exe' - '81' Module(s) have been scanned
Scan process 'svchost.exe' - '47' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'svchost.exe' - '167' Module(s) have been scanned
Scan process 'svchost.exe' - '43' Module(s) have been scanned
Scan process 'svchost.exe' - '58' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '15' Module(s) have been scanned
Scan process 'lsass.exe' - '58' Module(s) have been scanned
Scan process 'services.exe' - '67' Module(s) have been scanned
Scan process 'winlogon.exe' - '85' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan executable files (registry).
The registry was scanned ( '1864' files ).
Starting the file scan:
Begin scan in 'C:\'
End of the scan: Monday, August 02, 2010 22:50
Used time: 4:24:29 Hour(s)
The scan has been done completely.
13708 Scanned directories
412544 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
412544 Files not concerned
4571 Archives were scanned
0 Warnings
0 Notes
923769 Objects were scanned with rootkit scan
2 Hidden objects were found