Avira detected TR/ATRAPS.Gen2


  • This topic is locked
16 replies to this topic

#1 christhekid

christhekid

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:12:14 PM

Posted 19 August 2012 - 01:28 AM

I need some help, very much appreciated

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Christian at 23:54:02 on 2012-08-18
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3894.2467 [GMT -4:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Common Files\Teleca Shared\logger.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\program files (x86)\avira\antivir desktop\avcenter.exe
C:\program files (x86)\avira\antivir desktop\avnotify.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page =
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: SearchPredictObj Class: {389943b0-c3a2-4e69-82cb-8596a84cb3dc} - C:\Program Files (x86)\SearchPredict\SearchPredict.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: SBCONVERT Class: {92a9acf4-9333-43ae-9698-db283326f87f} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\tbcore3.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: GrabberObj Class: {ff7c3cf0-4b15-11d1-abed-709549c10000} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\grabber.dll
TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\tbcore3.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
uRun: [Facebook Update] "C:\Users\Christian\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\CHRIST~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SEAGAT~1.LNK - C:\Users\Christian\AppData\Roaming\Leadertech\PowerRegister\Seagate Product Registration.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{23BF1AB4-3C72-48D7-A260-DB3CDAF8793D} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{23BF1AB4-3C72-48D7-A260-DB3CDAF8793D}\45753475966496 : DhcpNameServer = 10.240.205.161 10.240.205.162
TCP: Interfaces\{23BF1AB4-3C72-48D7-A260-DB3CDAF8793D}\E4544574541425 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{23BF1AB4-3C72-48D7-A260-DB3CDAF8793D}\E45445745414254303 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D6C2120B-A7ED-4044-8956-4C90C6A8B70E} : DhcpNameServer = 10.0.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: SearchPredictObj Class: {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files (x86)\SearchPredict\SearchPredict.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: SBCONVERT Class: {92A9ACF4-9333-43AE-9698-DB283326F87F} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\tbcore3.dll
BHO-X64: SBCONVERT - No File
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: GrabberObj Class: {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\grabber.dll
BHO-X64: GrabberObj Class - No File
TB-X64: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\tbcore3.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [IMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun-x64: [Mobile Connectivity Suite] "C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Christian\AppData\Roaming\Mozilla\Firefox\Profiles\055ok01k.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Christian\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Christian\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-5-28 86224]
R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-5-28 110032]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-2-20 13592]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-12 655944]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-2-20 2320920]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/02/20 01:49:37;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-12-6 240112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-14 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-10 250056]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-9 113120]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-15 07:02:28 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS
2012-08-15 07:02:28 552448 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-08-15 03:22:17 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-15 03:22:17 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-15 03:22:13 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-15 03:22:13 67584 ----a-w- C:\Windows\splwow64.exe
2012-08-15 03:22:13 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-15 03:22:13 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-15 03:22:10 58880 ----a-w- C:\Windows\System32\browcli.dll
2012-08-15 03:22:10 41472 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-15 03:22:10 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-15 03:22:09 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-08-15 03:22:08 956416 ----a-w- C:\Windows\System32\localspl.dll
2012-08-10 03:38:00 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-07-21 22:51:39 -------- d-sh--w- C:\$RECYCLE.BIN
2012-07-20 07:33:29 98816 ----a-w- C:\Windows\sed.exe
2012-07-20 07:33:29 518144 ----a-w- C:\Windows\SWREG.exe
2012-07-20 07:33:29 256000 ----a-w- C:\Windows\PEV.exe
2012-07-20 07:33:29 208896 ----a-w- C:\Windows\MBR.exe
.
==================== Find3M ====================
.
2012-08-15 03:38:16 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 03:38:16 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 23:57:17.78 ===============



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-19 02:27:27
Windows 6.1.7600
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\cc52af6b1f86
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\cc52af6b1f86@f80cf3ad6980 0xAC 0x5F 0x1E 0x7E ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\cc52af6b1f86 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\cc52af6b1f86@f80cf3ad6980 0xAC 0x5F 0x1E 0x7E ...

---- EOF - GMER 1.0.15 ----


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:05:14 PM

Posted 19 August 2012 - 02:31 PM

Good evening. :)

Pay a visit to the ESET Online Scanner.

  • Click the ESET Online Scanner button and a new window will open - you may need to maximise it.
  • Click the Run ESET Online Scanner button in the new window.
  • If you are using any other browser than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:

    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.

So long, and thanks for all the fish.

 

 


#3 christhekid

Posted 20 August 2012 - 12:29 AM

C:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\All Users\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\Christian\Downloads\cnet2_swrsetup_exe.exe a variant of Win32/InstallCore.D application
C:\Users\Christian\Downloads\unlocker.exe a variant of Win32/Soft32Downloader.A application
C:\Users\Christian\Downloads\Unlocker1.9.1.exe Win32/Adware.ADON application

#4 Noviciate

Posted 20 August 2012 - 02:06 PM

Good evening. :)

When Avira detected TR/ATRAPS.Gen2, did it give a list of files that it thought were infected?

#5 christhekid

Posted 21 August 2012 - 02:25 AM

Yes, I think it did.

#6 Noviciate

Posted 21 August 2012 - 02:16 PM

Good evening. :)

Well, would you mind sharing them with me?

#7 christhekid

Posted 21 August 2012 - 04:00 PM

Sure, if you tell me how to give you a log of the files.

#8 Noviciate

Posted 21 August 2012 - 04:16 PM

Try C:\ProgramData\Avira\AntiVir Desktop\LOGFILES - hopefully you'll find something that you can copy and paste.

#9 christhekid

Posted 21 August 2012 - 04:19 PM

Looks like there is a file for each one. Would you like me to post them individually?

#10 Noviciate

Posted 21 August 2012 - 04:26 PM

Yes please.

#11 christhekid

Posted 22 August 2012 - 03:18 AM

Avira Free Antivirus
Report file date: Saturday, August 18, 2012 23:47

Scanning for 4128591 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 Home Premium
Windows version : (plain) [6.1.7600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : APRIL-HP

Version information:
BUILD.DAT : 12.0.0.1167 40870 Bytes 7/18/2012 20:07:00
AVSCAN.EXE : 12.3.0.33 468472 Bytes 8/9/2012 02:48:28
AVSCAN.DLL : 12.3.0.15 54736 Bytes 5/2/2012 19:31:39
LUKE.DLL : 12.3.0.15 68304 Bytes 5/2/2012 05:31:47
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 5/2/2012 04:13:36
AVREG.DLL : 12.3.0.17 232200 Bytes 5/28/2012 18:52:55
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 00:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 05:23:21
VBASE002.VDF : 7.11.19.170 14374912 Bytes 12/20/2011 05:32:24
VBASE003.VDF : 7.11.21.238 4472832 Bytes 2/1/2012 15:58:50
VBASE004.VDF : 7.11.26.44 4329472 Bytes 3/28/2012 16:43:53
VBASE005.VDF : 7.11.34.116 4034048 Bytes 6/29/2012 23:03:54
VBASE006.VDF : 7.11.34.117 2048 Bytes 6/29/2012 23:03:54
VBASE007.VDF : 7.11.34.118 2048 Bytes 6/29/2012 23:03:54
VBASE008.VDF : 7.11.34.119 2048 Bytes 6/29/2012 23:03:55
VBASE009.VDF : 7.11.34.120 2048 Bytes 6/29/2012 23:03:55
VBASE010.VDF : 7.11.34.121 2048 Bytes 6/29/2012 23:03:55
VBASE011.VDF : 7.11.34.122 2048 Bytes 6/29/2012 23:03:55
VBASE012.VDF : 7.11.34.123 2048 Bytes 6/29/2012 23:03:55
VBASE013.VDF : 7.11.34.124 2048 Bytes 6/29/2012 23:03:55
VBASE014.VDF : 7.11.38.18 2554880 Bytes 7/30/2012 03:15:51
VBASE015.VDF : 7.11.38.70 556032 Bytes 7/31/2012 03:15:45
VBASE016.VDF : 7.11.38.143 171008 Bytes 8/2/2012 04:14:15
VBASE017.VDF : 7.11.38.221 178176 Bytes 8/6/2012 19:38:24
VBASE018.VDF : 7.11.39.37 168448 Bytes 8/8/2012 02:48:22
VBASE019.VDF : 7.11.39.89 131072 Bytes 8/9/2012 03:10:35
VBASE020.VDF : 7.11.39.145 142336 Bytes 8/11/2012 07:23:30
VBASE021.VDF : 7.11.39.207 165888 Bytes 8/14/2012 18:48:33
VBASE022.VDF : 7.11.40.9 156160 Bytes 8/16/2012 03:16:09
VBASE023.VDF : 7.11.40.49 133120 Bytes 8/17/2012 03:15:56
VBASE024.VDF : 7.11.40.50 2048 Bytes 8/17/2012 03:15:56
VBASE025.VDF : 7.11.40.51 2048 Bytes 8/17/2012 03:15:56
VBASE026.VDF : 7.11.40.52 2048 Bytes 8/17/2012 03:15:56
VBASE027.VDF : 7.11.40.53 2048 Bytes 8/17/2012 03:15:56
VBASE028.VDF : 7.11.40.54 2048 Bytes 8/17/2012 03:15:56
VBASE029.VDF : 7.11.40.55 2048 Bytes 8/17/2012 03:15:56
VBASE030.VDF : 7.11.40.56 2048 Bytes 8/17/2012 03:15:56
VBASE031.VDF : 7.11.40.74 65024 Bytes 8/18/2012 03:41:37
Engine version : 8.2.10.132
AEVDF.DLL : 8.1.2.10 102772 Bytes 7/11/2012 08:02:48
AESCRIPT.DLL : 8.1.4.42 459129 Bytes 8/10/2012 03:10:43
AESCN.DLL : 8.1.8.2 131444 Bytes 2/16/2012 22:11:36
AESBX.DLL : 8.2.5.12 606578 Bytes 6/15/2012 08:28:36
AERDL.DLL : 8.1.9.15 639348 Bytes 1/21/2012 05:22:40
AEPACK.DLL : 8.3.0.24 811381 Bytes 8/7/2012 21:16:47
AEOFFICE.DLL : 8.1.2.42 201083 Bytes 7/20/2012 07:26:23
AEHEUR.DLL : 8.1.4.86 5165429 Bytes 8/10/2012 03:10:41
AEHELP.DLL : 8.1.23.2 258422 Bytes 6/29/2012 03:21:04
AEGEN.DLL : 8.1.5.34 434548 Bytes 7/20/2012 07:24:29
AEEXP.DLL : 8.1.0.74 86387 Bytes 8/4/2012 04:14:06
AEEMU.DLL : 8.1.3.2 393587 Bytes 7/11/2012 08:02:47
AECORE.DLL : 8.1.27.4 201078 Bytes 8/7/2012 21:16:46
AEBB.DLL : 8.1.1.0 53618 Bytes 1/21/2012 05:22:35
AVWINLL.DLL : 12.3.0.15 27344 Bytes 5/2/2012 04:59:21
AVPREF.DLL : 12.3.0.15 51920 Bytes 5/2/2012 04:44:31
AVREP.DLL : 12.3.0.15 179208 Bytes 5/2/2012 04:13:35
AVARKT.DLL : 12.3.0.15 211408 Bytes 5/2/2012 04:21:32
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 5/2/2012 04:28:49
SQLITE3.DLL : 3.7.0.1 398288 Bytes 4/17/2012 03:11:02
AVSMTP.DLL : 12.3.0.32 63480 Bytes 8/9/2012 02:48:28
NETNT.DLL : 12.3.0.15 17104 Bytes 5/2/2012 05:33:29
RCIMAGE.DLL : 12.3.0.31 4445944 Bytes 8/9/2012 02:48:21
RCTEXT.DLL : 12.3.0.31 97784 Bytes 8/9/2012 02:48:21

Configuration settings for the scan:
Jobname.............................: AVGuardAsyncScan
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_502e6425\guard_slideup.avp
Logging.............................: default
Primary action......................: Repair
Secondary action....................: Quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Complete

Start of the scan: Saturday, August 18, 2012 23:47

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'FlashPlayerPlugin_11_3_300_271.exe' - '1' Module(s) have been scanned
Scan process 'FlashPlayerPlugin_11_3_300_271.exe' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'mbamservice.exe' - '1' Module(s) have been scanned
Scan process 'IAStorDataMgrSvc.exe' - '1' Module(s) have been scanned
Scan process 'UNS.exe' - '1' Module(s) have been scanned
Scan process 'FsynSrvStarter.exe' - '1' Module(s) have been scanned
Scan process 'HTCVBTServer.exe' - '1' Module(s) have been scanned
Scan process 'DbgOut.exe' - '1' Module(s) have been scanned
Scan process 'epmworker.exe' - '1' Module(s) have been scanned
Scan process 'ClientInitiatedStarter.exe' - '1' Module(s) have been scanned
Scan process 'Generic.exe' - '1' Module(s) have been scanned
Scan process 'logger.exe' - '1' Module(s) have been scanned
Scan process 'RunDll32.exe' - '1' Module(s) have been scanned
Scan process 'YCMMirage.exe' - '1' Module(s) have been scanned
Scan process 'hpqWmiEx.exe' - '1' Module(s) have been scanned
Scan process 'CapabilityManager.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'AdobeARM.exe' - '1' Module(s) have been scanned
Scan process 'HPMSGSVC.exe' - '1' Module(s) have been scanned
Scan process 'HPOSD.exe' - '1' Module(s) have been scanned
Scan process 'mbamgui.exe' - '1' Module(s) have been scanned
Scan process 'Application Launcher.exe' - '1' Module(s) have been scanned
Scan process 'PWRISOVM.EXE' - '1' Module(s) have been scanned
Scan process 'IAStorIcon.exe' - '1' Module(s) have been scanned
Scan process 'V CAST Backup Scheduler.exe' - '1' Module(s) have been scanned
Scan process 'DTLite.exe' - '1' Module(s) have been scanned
Scan process 'LightScribeControlPanel.exe' - '1' Module(s) have been scanned
Scan process 'RNowSvc.exe' - '1' Module(s) have been scanned
Scan process 'LMS.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'HPWMISVC.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'armsvc.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\FRST\Quarantine\consrv.dll'
C:\FRST\Quarantine\consrv.dll
[DETECTION] Is the TR/ATRAPS.Gen2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '546cc918.qua'.


End of the scan: Saturday, August 18, 2012 23:48
Used time: 00:26 Minute(s)

The scan has been done completely.

0 Scanned directories
40 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
39 Files not concerned
0 Archives were scanned
0 Warnings
1 Notes





Avira Free Antivirus
Report file date: Sunday, August 19, 2012 21:19

Scanning for 4128591 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 Home Premium
Windows version : (plain) [6.1.7600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : APRIL-HP

Version information:
BUILD.DAT : 12.0.0.1167 40870 Bytes 7/18/2012 20:07:00
AVSCAN.EXE : 12.3.0.33 468472 Bytes 8/9/2012 02:48:28
AVSCAN.DLL : 12.3.0.15 54736 Bytes 5/2/2012 19:31:39
LUKE.DLL : 12.3.0.15 68304 Bytes 5/2/2012 05:31:47
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 5/2/2012 04:13:36
AVREG.DLL : 12.3.0.17 232200 Bytes 5/28/2012 18:52:55
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 00:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 05:23:21
VBASE002.VDF : 7.11.19.170 14374912 Bytes 12/20/2011 05:32:24
VBASE003.VDF : 7.11.21.238 4472832 Bytes 2/1/2012 15:58:50
VBASE004.VDF : 7.11.26.44 4329472 Bytes 3/28/2012 16:43:53
VBASE005.VDF : 7.11.34.116 4034048 Bytes 6/29/2012 23:03:54
VBASE006.VDF : 7.11.34.117 2048 Bytes 6/29/2012 23:03:54
VBASE007.VDF : 7.11.34.118 2048 Bytes 6/29/2012 23:03:54
VBASE008.VDF : 7.11.34.119 2048 Bytes 6/29/2012 23:03:55
VBASE009.VDF : 7.11.34.120 2048 Bytes 6/29/2012 23:03:55
VBASE010.VDF : 7.11.34.121 2048 Bytes 6/29/2012 23:03:55
VBASE011.VDF : 7.11.34.122 2048 Bytes 6/29/2012 23:03:55
VBASE012.VDF : 7.11.34.123 2048 Bytes 6/29/2012 23:03:55
VBASE013.VDF : 7.11.34.124 2048 Bytes 6/29/2012 23:03:55
VBASE014.VDF : 7.11.38.18 2554880 Bytes 7/30/2012 03:15:51
VBASE015.VDF : 7.11.38.70 556032 Bytes 7/31/2012 03:15:45
VBASE016.VDF : 7.11.38.143 171008 Bytes 8/2/2012 04:14:15
VBASE017.VDF : 7.11.38.221 178176 Bytes 8/6/2012 19:38:24
VBASE018.VDF : 7.11.39.37 168448 Bytes 8/8/2012 02:48:22
VBASE019.VDF : 7.11.39.89 131072 Bytes 8/9/2012 03:10:35
VBASE020.VDF : 7.11.39.145 142336 Bytes 8/11/2012 07:23:30
VBASE021.VDF : 7.11.39.207 165888 Bytes 8/14/2012 18:48:33
VBASE022.VDF : 7.11.40.9 156160 Bytes 8/16/2012 03:16:09
VBASE023.VDF : 7.11.40.49 133120 Bytes 8/17/2012 03:15:56
VBASE024.VDF : 7.11.40.50 2048 Bytes 8/17/2012 03:15:56
VBASE025.VDF : 7.11.40.51 2048 Bytes 8/17/2012 03:15:56
VBASE026.VDF : 7.11.40.52 2048 Bytes 8/17/2012 03:15:56
VBASE027.VDF : 7.11.40.53 2048 Bytes 8/17/2012 03:15:56
VBASE028.VDF : 7.11.40.54 2048 Bytes 8/17/2012 03:15:56
VBASE029.VDF : 7.11.40.55 2048 Bytes 8/17/2012 03:15:56
VBASE030.VDF : 7.11.40.56 2048 Bytes 8/17/2012 03:15:56
VBASE031.VDF : 7.11.40.74 65024 Bytes 8/18/2012 03:41:37
Engine version : 8.2.10.132
AEVDF.DLL : 8.1.2.10 102772 Bytes 7/11/2012 08:02:48
AESCRIPT.DLL : 8.1.4.42 459129 Bytes 8/10/2012 03:10:43
AESCN.DLL : 8.1.8.2 131444 Bytes 2/16/2012 22:11:36
AESBX.DLL : 8.2.5.12 606578 Bytes 6/15/2012 08:28:36
AERDL.DLL : 8.1.9.15 639348 Bytes 1/21/2012 05:22:40
AEPACK.DLL : 8.3.0.24 811381 Bytes 8/7/2012 21:16:47
AEOFFICE.DLL : 8.1.2.42 201083 Bytes 7/20/2012 07:26:23
AEHEUR.DLL : 8.1.4.86 5165429 Bytes 8/10/2012 03:10:41
AEHELP.DLL : 8.1.23.2 258422 Bytes 6/29/2012 03:21:04
AEGEN.DLL : 8.1.5.34 434548 Bytes 7/20/2012 07:24:29
AEEXP.DLL : 8.1.0.74 86387 Bytes 8/4/2012 04:14:06
AEEMU.DLL : 8.1.3.2 393587 Bytes 7/11/2012 08:02:47
AECORE.DLL : 8.1.27.4 201078 Bytes 8/7/2012 21:16:46
AEBB.DLL : 8.1.1.0 53618 Bytes 1/21/2012 05:22:35
AVWINLL.DLL : 12.3.0.15 27344 Bytes 5/2/2012 04:59:21
AVPREF.DLL : 12.3.0.15 51920 Bytes 5/2/2012 04:44:31
AVREP.DLL : 12.3.0.15 179208 Bytes 5/2/2012 04:13:35
AVARKT.DLL : 12.3.0.15 211408 Bytes 5/2/2012 04:21:32
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 5/2/2012 04:28:49
SQLITE3.DLL : 3.7.0.1 398288 Bytes 4/17/2012 03:11:02
AVSMTP.DLL : 12.3.0.32 63480 Bytes 8/9/2012 02:48:28
NETNT.DLL : 12.3.0.15 17104 Bytes 5/2/2012 05:33:29
RCIMAGE.DLL : 12.3.0.31 4445944 Bytes 8/9/2012 02:48:21
RCTEXT.DLL : 12.3.0.31 97784 Bytes 8/9/2012 02:48:21

Configuration settings for the scan:
Jobname.............................: AVGuardAsyncScan
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_50315f48\guard_slideup.avp
Logging.............................: default
Primary action......................: Repair
Secondary action....................: Quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Complete

Start of the scan: Sunday, August 19, 2012 21:19

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'OnlineCmdLineScanner.exe' - '1' Module(s) have been scanned
Scan process 'OnlineScannerApp.exe' - '1' Module(s) have been scanned
Scan process 'mbamservice.exe' - '1' Module(s) have been scanned
Scan process 'IAStorDataMgrSvc.exe' - '1' Module(s) have been scanned
Scan process 'UNS.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'YCMMirage.exe' - '1' Module(s) have been scanned
Scan process 'FsynSrvStarter.exe' - '1' Module(s) have been scanned
Scan process 'HTCVBTServer.exe' - '1' Module(s) have been scanned
Scan process 'DbgOut.exe' - '1' Module(s) have been scanned
Scan process 'epmworker.exe' - '1' Module(s) have been scanned
Scan process 'ClientInitiatedStarter.exe' - '1' Module(s) have been scanned
Scan process 'Generic.exe' - '1' Module(s) have been scanned
Scan process 'RunDll32.exe' - '1' Module(s) have been scanned
Scan process 'hpqWmiEx.exe' - '1' Module(s) have been scanned
Scan process 'logger.exe' - '1' Module(s) have been scanned
Scan process 'CapabilityManager.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'AdobeARM.exe' - '1' Module(s) have been scanned
Scan process 'HPMSGSVC.exe' - '1' Module(s) have been scanned
Scan process 'HPOSD.exe' - '1' Module(s) have been scanned
Scan process 'mbamgui.exe' - '1' Module(s) have been scanned
Scan process 'Application Launcher.exe' - '1' Module(s) have been scanned
Scan process 'PWRISOVM.EXE' - '1' Module(s) have been scanned
Scan process 'IAStorIcon.exe' - '1' Module(s) have been scanned
Scan process 'V CAST Backup Scheduler.exe' - '1' Module(s) have been scanned
Scan process 'DTLite.exe' - '1' Module(s) have been scanned
Scan process 'LightScribeControlPanel.exe' - '1' Module(s) have been scanned
Scan process 'RNowSvc.exe' - '1' Module(s) have been scanned
Scan process 'LMS.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'HPWMISVC.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'armsvc.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\Users\Christian\Downloads\Men_In_Black_-_Complete_Series.exe'
C:\Users\Christian\Downloads\Men_In_Black_-_Complete_Series.exe
[0] Archive type: NSIS
--> object
[DETECTION] Contains virus patterns of Adware ADWARE/1ClickDown.D
[NOTE] The file was moved to the quarantine directory under the name '568b3fe3.qua'.


End of the scan: Sunday, August 19, 2012 21:20
Used time: 00:53 Minute(s)

The scan has been done completely.

0 Scanned directories
64 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
62 Files not concerned
1 Archives were scanned
0 Warnings
1 Notes

#12 christhekid

Posted 22 August 2012 - 03:22 AM

Avira Free Antivirus
Report file date: Monday, August 20, 2012 00:40

Scanning for 4130458 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 Home Premium
Windows version : (plain) [6.1.7600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : APRIL-HP

Version information:
BUILD.DAT : 12.0.0.1167 40870 Bytes 7/18/2012 20:07:00
AVSCAN.EXE : 12.3.0.33 468472 Bytes 8/9/2012 02:48:28
AVSCAN.DLL : 12.3.0.15 54736 Bytes 5/2/2012 19:31:39
LUKE.DLL : 12.3.0.15 68304 Bytes 5/2/2012 05:31:47
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 5/2/2012 04:13:36
AVREG.DLL : 12.3.0.17 232200 Bytes 5/28/2012 18:52:55
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 00:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 05:23:21
VBASE002.VDF : 7.11.19.170 14374912 Bytes 12/20/2011 05:32:24
VBASE003.VDF : 7.11.21.238 4472832 Bytes 2/1/2012 15:58:50
VBASE004.VDF : 7.11.26.44 4329472 Bytes 3/28/2012 16:43:53
VBASE005.VDF : 7.11.34.116 4034048 Bytes 6/29/2012 23:03:54
VBASE006.VDF : 7.11.34.117 2048 Bytes 6/29/2012 23:03:54
VBASE007.VDF : 7.11.34.118 2048 Bytes 6/29/2012 23:03:54
VBASE008.VDF : 7.11.34.119 2048 Bytes 6/29/2012 23:03:55
VBASE009.VDF : 7.11.34.120 2048 Bytes 6/29/2012 23:03:55
VBASE010.VDF : 7.11.34.121 2048 Bytes 6/29/2012 23:03:55
VBASE011.VDF : 7.11.34.122 2048 Bytes 6/29/2012 23:03:55
VBASE012.VDF : 7.11.34.123 2048 Bytes 6/29/2012 23:03:55
VBASE013.VDF : 7.11.34.124 2048 Bytes 6/29/2012 23:03:55
VBASE014.VDF : 7.11.38.18 2554880 Bytes 7/30/2012 03:15:51
VBASE015.VDF : 7.11.38.70 556032 Bytes 7/31/2012 03:15:45
VBASE016.VDF : 7.11.38.143 171008 Bytes 8/2/2012 04:14:15
VBASE017.VDF : 7.11.38.221 178176 Bytes 8/6/2012 19:38:24
VBASE018.VDF : 7.11.39.37 168448 Bytes 8/8/2012 02:48:22
VBASE019.VDF : 7.11.39.89 131072 Bytes 8/9/2012 03:10:35
VBASE020.VDF : 7.11.39.145 142336 Bytes 8/11/2012 07:23:30
VBASE021.VDF : 7.11.39.207 165888 Bytes 8/14/2012 18:48:33
VBASE022.VDF : 7.11.40.9 156160 Bytes 8/16/2012 03:16:09
VBASE023.VDF : 7.11.40.49 133120 Bytes 8/17/2012 03:15:56
VBASE024.VDF : 7.11.40.50 2048 Bytes 8/17/2012 03:15:56
VBASE025.VDF : 7.11.40.51 2048 Bytes 8/17/2012 03:15:56
VBASE026.VDF : 7.11.40.52 2048 Bytes 8/17/2012 03:15:56
VBASE027.VDF : 7.11.40.53 2048 Bytes 8/17/2012 03:15:56
VBASE028.VDF : 7.11.40.54 2048 Bytes 8/17/2012 03:15:56
VBASE029.VDF : 7.11.40.55 2048 Bytes 8/17/2012 03:15:56
VBASE030.VDF : 7.11.40.56 2048 Bytes 8/17/2012 03:15:56
VBASE031.VDF : 7.11.40.82 91136 Bytes 8/19/2012 03:41:30
Engine version : 8.2.10.132
AEVDF.DLL : 8.1.2.10 102772 Bytes 7/11/2012 08:02:48
AESCRIPT.DLL : 8.1.4.42 459129 Bytes 8/10/2012 03:10:43
AESCN.DLL : 8.1.8.2 131444 Bytes 2/16/2012 22:11:36
AESBX.DLL : 8.2.5.12 606578 Bytes 6/15/2012 08:28:36
AERDL.DLL : 8.1.9.15 639348 Bytes 1/21/2012 05:22:40
AEPACK.DLL : 8.3.0.24 811381 Bytes 8/7/2012 21:16:47
AEOFFICE.DLL : 8.1.2.42 201083 Bytes 7/20/2012 07:26:23
AEHEUR.DLL : 8.1.4.86 5165429 Bytes 8/10/2012 03:10:41
AEHELP.DLL : 8.1.23.2 258422 Bytes 6/29/2012 03:21:04
AEGEN.DLL : 8.1.5.34 434548 Bytes 7/20/2012 07:24:29
AEEXP.DLL : 8.1.0.74 86387 Bytes 8/4/2012 04:14:06
AEEMU.DLL : 8.1.3.2 393587 Bytes 7/11/2012 08:02:47
AECORE.DLL : 8.1.27.4 201078 Bytes 8/7/2012 21:16:46
AEBB.DLL : 8.1.1.0 53618 Bytes 1/21/2012 05:22:35
AVWINLL.DLL : 12.3.0.15 27344 Bytes 5/2/2012 04:59:21
AVPREF.DLL : 12.3.0.15 51920 Bytes 5/2/2012 04:44:31
AVREP.DLL : 12.3.0.15 179208 Bytes 5/2/2012 04:13:35
AVARKT.DLL : 12.3.0.15 211408 Bytes 5/2/2012 04:21:32
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 5/2/2012 04:28:49
SQLITE3.DLL : 3.7.0.1 398288 Bytes 4/17/2012 03:11:02
AVSMTP.DLL : 12.3.0.32 63480 Bytes 8/9/2012 02:48:28
NETNT.DLL : 12.3.0.15 17104 Bytes 5/2/2012 05:33:29
RCIMAGE.DLL : 12.3.0.31 4445944 Bytes 8/9/2012 02:48:21
RCTEXT.DLL : 12.3.0.31 97784 Bytes 8/9/2012 02:48:21

Configuration settings for the scan:
Jobname.............................: AVGuardAsyncScan
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_50315f48\guard_slideup.avp
Logging.............................: default
Primary action......................: Repair
Secondary action....................: Quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Complete

Start of the scan: Monday, August 20, 2012 00:40

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'FlashPlayerPlugin_11_3_300_271.exe' - '1' Module(s) have been scanned
Scan process 'FlashPlayerPlugin_11_3_300_271.exe' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'OnlineCmdLineScanner.exe' - '1' Module(s) have been scanned
Scan process 'OnlineScannerApp.exe' - '1' Module(s) have been scanned
Scan process 'mbamservice.exe' - '1' Module(s) have been scanned
Scan process 'IAStorDataMgrSvc.exe' - '1' Module(s) have been scanned
Scan process 'UNS.exe' - '1' Module(s) have been scanned
Scan process 'YCMMirage.exe' - '1' Module(s) have been scanned
Scan process 'FsynSrvStarter.exe' - '1' Module(s) have been scanned
Scan process 'HTCVBTServer.exe' - '1' Module(s) have been scanned
Scan process 'DbgOut.exe' - '1' Module(s) have been scanned
Scan process 'epmworker.exe' - '1' Module(s) have been scanned
Scan process 'ClientInitiatedStarter.exe' - '1' Module(s) have been scanned
Scan process 'Generic.exe' - '1' Module(s) have been scanned
Scan process 'RunDll32.exe' - '1' Module(s) have been scanned
Scan process 'hpqWmiEx.exe' - '1' Module(s) have been scanned
Scan process 'logger.exe' - '1' Module(s) have been scanned
Scan process 'CapabilityManager.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'AdobeARM.exe' - '1' Module(s) have been scanned
Scan process 'HPMSGSVC.exe' - '1' Module(s) have been scanned
Scan process 'HPOSD.exe' - '1' Module(s) have been scanned
Scan process 'mbamgui.exe' - '1' Module(s) have been scanned
Scan process 'Application Launcher.exe' - '1' Module(s) have been scanned
Scan process 'PWRISOVM.EXE' - '1' Module(s) have been scanned
Scan process 'IAStorIcon.exe' - '1' Module(s) have been scanned
Scan process 'V CAST Backup Scheduler.exe' - '1' Module(s) have been scanned
Scan process 'DTLite.exe' - '1' Module(s) have been scanned
Scan process 'LightScribeControlPanel.exe' - '1' Module(s) have been scanned
Scan process 'RNowSvc.exe' - '1' Module(s) have been scanned
Scan process 'LMS.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'HPWMISVC.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'armsvc.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CVL2ICZ9\63458239459025636[1].htm'
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CVL2ICZ9\63458239459025636[1].htm
[DETECTION] Contains recognition pattern of the JS/Obfuscated.HK Java script virus
[NOTE] The file was moved to the quarantine directory under the name '557f6a31.qua'.


End of the scan: Monday, August 20, 2012 00:41
Used time: 00:43 Minute(s)

The scan has been done completely.

0 Scanned directories
42 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
41 Files not concerned
0 Archives were scanned
0 Warnings
1 Notes



Avira Free Antivirus
Report file date: Monday, August 20, 2012 00:41

Scanning for 4130458 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 Home Premium
Windows version : (plain) [6.1.7600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : APRIL-HP

Configuration settings for the scan:
Jobname.............................: AVGuardAsyncScan
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_50315f48\guard_slideup.avp
Logging.............................: default
Primary action......................: Repair
Secondary action....................: Quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Complete

Start of the scan: Monday, August 20, 2012 00:41

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'FlashPlayerPlugin_11_3_300_271.exe' - '1' Module(s) have been scanned
Scan process 'FlashPlayerPlugin_11_3_300_271.exe' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'OnlineCmdLineScanner.exe' - '1' Module(s) have been scanned
Scan process 'OnlineScannerApp.exe' - '1' Module(s) have been scanned
Scan process 'mbamservice.exe' - '1' Module(s) have been scanned
Scan process 'IAStorDataMgrSvc.exe' - '1' Module(s) have been scanned
Scan process 'UNS.exe' - '1' Module(s) have been scanned
Scan process 'YCMMirage.exe' - '1' Module(s) have been scanned
Scan process 'FsynSrvStarter.exe' - '1' Module(s) have been scanned
Scan process 'HTCVBTServer.exe' - '1' Module(s) have been scanned
Scan process 'DbgOut.exe' - '1' Module(s) have been scanned
Scan process 'epmworker.exe' - '1' Module(s) have been scanned
Scan process 'ClientInitiatedStarter.exe' - '1' Module(s) have been scanned
Scan process 'Generic.exe' - '1' Module(s) have been scanned
Scan process 'RunDll32.exe' - '1' Module(s) have been scanned
Scan process 'hpqWmiEx.exe' - '1' Module(s) have been scanned
Scan process 'logger.exe' - '1' Module(s) have been scanned
Scan process 'CapabilityManager.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'AdobeARM.exe' - '1' Module(s) have been scanned
Scan process 'HPMSGSVC.exe' - '1' Module(s) have been scanned
Scan process 'HPOSD.exe' - '1' Module(s) have been scanned
Scan process 'mbamgui.exe' - '1' Module(s) have been scanned
Scan process 'Application Launcher.exe' - '1' Module(s) have been scanned
Scan process 'PWRISOVM.EXE' - '1' Module(s) have been scanned
Scan process 'IAStorIcon.exe' - '1' Module(s) have been scanned
Scan process 'V CAST Backup Scheduler.exe' - '1' Module(s) have been scanned
Scan process 'DTLite.exe' - '1' Module(s) have been scanned
Scan process 'LightScribeControlPanel.exe' - '1' Module(s) have been scanned
Scan process 'RNowSvc.exe' - '1' Module(s) have been scanned
Scan process 'LMS.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'HPWMISVC.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'armsvc.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DZPQ0TQK\FA5362A00L[1].htm'
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DZPQ0TQK\FA5362A00L[1].htm
[DETECTION] Contains recognition pattern of the JS/Obfuscated.HK Java script virus
[NOTE] The file was moved to the quarantine directory under the name '5484604a.qua'.


End of the scan: Monday, August 20, 2012 00:42
Used time: 00:30 Minute(s)

The scan has been done completely.

0 Scanned directories
42 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
41 Files not concerned
0 Archives were scanned
0 Warnings
1 Notes



Avira Free Antivirus
Report file date: Monday, August 20, 2012 00:42

Scanning for 4130458 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 Home Premium
Windows version : (plain) [6.1.7600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : APRIL-HP


Configuration settings for the scan:
Jobname.............................: AVGuardAsyncScan
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_50315f48\guard_slideup.avp
Logging.............................: default
Primary action......................: Repair
Secondary action....................: Quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Complete

Start of the scan: Monday, August 20, 2012 00:42

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'FlashPlayerPlugin_11_3_300_271.exe' - '1' Module(s) have been scanned
Scan process 'FlashPlayerPlugin_11_3_300_271.exe' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'OnlineCmdLineScanner.exe' - '1' Module(s) have been scanned
Scan process 'OnlineScannerApp.exe' - '1' Module(s) have been scanned
Scan process 'mbamservice.exe' - '1' Module(s) have been scanned
Scan process 'IAStorDataMgrSvc.exe' - '1' Module(s) have been scanned
Scan process 'UNS.exe' - '1' Module(s) have been scanned
Scan process 'YCMMirage.exe' - '1' Module(s) have been scanned
Scan process 'FsynSrvStarter.exe' - '1' Module(s) have been scanned
Scan process 'HTCVBTServer.exe' - '1' Module(s) have been scanned
Scan process 'DbgOut.exe' - '1' Module(s) have been scanned
Scan process 'epmworker.exe' - '1' Module(s) have been scanned
Scan process 'ClientInitiatedStarter.exe' - '1' Module(s) have been scanned
Scan process 'Generic.exe' - '1' Module(s) have been scanned
Scan process 'RunDll32.exe' - '1' Module(s) have been scanned
Scan process 'hpqWmiEx.exe' - '1' Module(s) have been scanned
Scan process 'logger.exe' - '1' Module(s) have been scanned
Scan process 'CapabilityManager.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'AdobeARM.exe' - '1' Module(s) have been scanned
Scan process 'HPMSGSVC.exe' - '1' Module(s) have been scanned
Scan process 'HPOSD.exe' - '1' Module(s) have been scanned
Scan process 'mbamgui.exe' - '1' Module(s) have been scanned
Scan process 'Application Launcher.exe' - '1' Module(s) have been scanned
Scan process 'PWRISOVM.EXE' - '1' Module(s) have been scanned
Scan process 'IAStorIcon.exe' - '1' Module(s) have been scanned
Scan process 'V CAST Backup Scheduler.exe' - '1' Module(s) have been scanned
Scan process 'DTLite.exe' - '1' Module(s) have been scanned
Scan process 'LightScribeControlPanel.exe' - '1' Module(s) have been scanned
Scan process 'RNowSvc.exe' - '1' Module(s) have been scanned
Scan process 'LMS.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'HPWMISVC.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'armsvc.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JBA1PPDJ\63458239459025636[1].htm'
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JBA1PPDJ\63458239459025636[1].htm
[DETECTION] Contains recognition pattern of the JS/Obfuscated.HK Java script virus
[NOTE] The file was moved to the quarantine directory under the name '56c960fd.qua'.


End of the scan: Monday, August 20, 2012 00:42
Used time: 00:26 Minute(s)

The scan has been done completely.

0 Scanned directories
44 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
43 Files not concerned
0 Archives were scanned
0 Warnings
1 Notes



Avira Free Antivirus
Report file date: Monday, August 20, 2012 00:42

Scanning for 4130458 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 Home Premium
Windows version : (plain) [6.1.7600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : APRIL-HP

Version information:
BUILD.DAT : 12.0.0.1167 40870 Bytes 7/18/2012 20:07:00
AVSCAN.EXE : 12.3.0.33 468472 Bytes 8/9/2012 02:48:28
AVSCAN.DLL : 12.3.0.15 54736 Bytes 5/2/2012 19:31:39
LUKE.DLL : 12.3.0.15 68304 Bytes 5/2/2012 05:31:47
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 5/2/2012 04:13:36
AVREG.DLL : 12.3.0.17 232200 Bytes 5/28/2012 18:52:55
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 00:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 05:23:21
VBASE002.VDF : 7.11.19.170 14374912 Bytes 12/20/2011 05:32:24
VBASE003.VDF : 7.11.21.238 4472832 Bytes 2/1/2012 15:58:50
VBASE004.VDF : 7.11.26.44 4329472 Bytes 3/28/2012 16:43:53
VBASE005.VDF : 7.11.34.116 4034048 Bytes 6/29/2012 23:03:54
VBASE006.VDF : 7.11.34.117 2048 Bytes 6/29/2012 23:03:54
VBASE007.VDF : 7.11.34.118 2048 Bytes 6/29/2012 23:03:54
VBASE008.VDF : 7.11.34.119 2048 Bytes 6/29/2012 23:03:55
VBASE009.VDF : 7.11.34.120 2048 Bytes 6/29/2012 23:03:55
VBASE010.VDF : 7.11.34.121 2048 Bytes 6/29/2012 23:03:55
VBASE011.VDF : 7.11.34.122 2048 Bytes 6/29/2012 23:03:55
VBASE012.VDF : 7.11.34.123 2048 Bytes 6/29/2012 23:03:55
VBASE013.VDF : 7.11.34.124 2048 Bytes 6/29/2012 23:03:55
VBASE014.VDF : 7.11.38.18 2554880 Bytes 7/30/2012 03:15:51
VBASE015.VDF : 7.11.38.70 556032 Bytes 7/31/2012 03:15:45
VBASE016.VDF : 7.11.38.143 171008 Bytes 8/2/2012 04:14:15
VBASE017.VDF : 7.11.38.221 178176 Bytes 8/6/2012 19:38:24
VBASE018.VDF : 7.11.39.37 168448 Bytes 8/8/2012 02:48:22
VBASE019.VDF : 7.11.39.89 131072 Bytes 8/9/2012 03:10:35
VBASE020.VDF : 7.11.39.145 142336 Bytes 8/11/2012 07:23:30
VBASE021.VDF : 7.11.39.207 165888 Bytes 8/14/2012 18:48:33
VBASE022.VDF : 7.11.40.9 156160 Bytes 8/16/2012 03:16:09
VBASE023.VDF : 7.11.40.49 133120 Bytes 8/17/2012 03:15:56
VBASE024.VDF : 7.11.40.50 2048 Bytes 8/17/2012 03:15:56
VBASE025.VDF : 7.11.40.51 2048 Bytes 8/17/2012 03:15:56
VBASE026.VDF : 7.11.40.52 2048 Bytes 8/17/2012 03:15:56
VBASE027.VDF : 7.11.40.53 2048 Bytes 8/17/2012 03:15:56
VBASE028.VDF : 7.11.40.54 2048 Bytes 8/17/2012 03:15:56
VBASE029.VDF : 7.11.40.55 2048 Bytes 8/17/2012 03:15:56
VBASE030.VDF : 7.11.40.56 2048 Bytes 8/17/2012 03:15:56
VBASE031.VDF : 7.11.40.82 91136 Bytes 8/19/2012 03:41:30
Engine version : 8.2.10.132
AEVDF.DLL : 8.1.2.10 102772 Bytes 7/11/2012 08:02:48
AESCRIPT.DLL : 8.1.4.42 459129 Bytes 8/10/2012 03:10:43
AESCN.DLL : 8.1.8.2 131444 Bytes 2/16/2012 22:11:36
AESBX.DLL : 8.2.5.12 606578 Bytes 6/15/2012 08:28:36
AERDL.DLL : 8.1.9.15 639348 Bytes 1/21/2012 05:22:40
AEPACK.DLL : 8.3.0.24 811381 Bytes 8/7/2012 21:16:47
AEOFFICE.DLL : 8.1.2.42 201083 Bytes 7/20/2012 07:26:23
AEHEUR.DLL : 8.1.4.86 5165429 Bytes 8/10/2012 03:10:41
AEHELP.DLL : 8.1.23.2 258422 Bytes 6/29/2012 03:21:04
AEGEN.DLL : 8.1.5.34 434548 Bytes 7/20/2012 07:24:29
AEEXP.DLL : 8.1.0.74 86387 Bytes 8/4/2012 04:14:06
AEEMU.DLL : 8.1.3.2 393587 Bytes 7/11/2012 08:02:47
AECORE.DLL : 8.1.27.4 201078 Bytes 8/7/2012 21:16:46
AEBB.DLL : 8.1.1.0 53618 Bytes 1/21/2012 05:22:35
AVWINLL.DLL : 12.3.0.15 27344 Bytes 5/2/2012 04:59:21
AVPREF.DLL : 12.3.0.15 51920 Bytes 5/2/2012 04:44:31
AVREP.DLL : 12.3.0.15 179208 Bytes 5/2/2012 04:13:35
AVARKT.DLL : 12.3.0.15 211408 Bytes 5/2/2012 04:21:32
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 5/2/2012 04:28:49
SQLITE3.DLL : 3.7.0.1 398288 Bytes 4/17/2012 03:11:02
AVSMTP.DLL : 12.3.0.32 63480 Bytes 8/9/2012 02:48:28
NETNT.DLL : 12.3.0.15 17104 Bytes 5/2/2012 05:33:29
RCIMAGE.DLL : 12.3.0.31 4445944 Bytes 8/9/2012 02:48:21
RCTEXT.DLL : 12.3.0.31 97784 Bytes 8/9/2012 02:48:21

Configuration settings for the scan:
Jobname.............................: AVGuardAsyncScan
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_50315f48\guard_slideup.avp
Logging.............................: default
Primary action......................: Repair
Secondary action....................: Quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Complete

Start of the scan: Monday, August 20, 2012 00:42

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'FlashPlayerPlugin_11_3_300_271.exe' - '1' Module(s) have been scanned
Scan process 'FlashPlayerPlugin_11_3_300_271.exe' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'OnlineCmdLineScanner.exe' - '1' Module(s) have been scanned
Scan process 'OnlineScannerApp.exe' - '1' Module(s) have been scanned
Scan process 'mbamservice.exe' - '1' Module(s) have been scanned
Scan process 'IAStorDataMgrSvc.exe' - '1' Module(s) have been scanned
Scan process 'UNS.exe' - '1' Module(s) have been scanned
Scan process 'YCMMirage.exe' - '1' Module(s) have been scanned
Scan process 'FsynSrvStarter.exe' - '1' Module(s) have been scanned
Scan process 'HTCVBTServer.exe' - '1' Module(s) have been scanned
Scan process 'DbgOut.exe' - '1' Module(s) have been scanned
Scan process 'epmworker.exe' - '1' Module(s) have been scanned
Scan process 'ClientInitiatedStarter.exe' - '1' Module(s) have been scanned
Scan process 'Generic.exe' - '1' Module(s) have been scanned
Scan process 'RunDll32.exe' - '1' Module(s) have been scanned
Scan process 'hpqWmiEx.exe' - '1' Module(s) have been scanned
Scan process 'logger.exe' - '1' Module(s) have been scanned
Scan process 'CapabilityManager.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'AdobeARM.exe' - '1' Module(s) have been scanned
Scan process 'HPMSGSVC.exe' - '1' Module(s) have been scanned
Scan process 'HPOSD.exe' - '1' Module(s) have been scanned
Scan process 'mbamgui.exe' - '1' Module(s) have been scanned
Scan process 'Application Launcher.exe' - '1' Module(s) have been scanned
Scan process 'PWRISOVM.EXE' - '1' Module(s) have been scanned
Scan process 'IAStorIcon.exe' - '1' Module(s) have been scanned
Scan process 'V CAST Backup Scheduler.exe' - '1' Module(s) have been scanned
Scan process 'DTLite.exe' - '1' Module(s) have been scanned
Scan process 'LightScribeControlPanel.exe' - '1' Module(s) have been scanned
Scan process 'RNowSvc.exe' - '1' Module(s) have been scanned
Scan process 'LMS.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'HPWMISVC.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'armsvc.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N55GYOH5\68349jj683[1].htm'
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N55GYOH5\68349jj683[1].htm
[DETECTION] Contains recognition pattern of the JS/Obfuscated.HK Java script virus
[NOTE] The file was moved to the quarantine directory under the name '551569fc.qua'.
Begin scan in 'C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N55GYOH5\7386F7HHs[1].htm'
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N55GYOH5\7386F7HHs[1].htm
[DETECTION] Contains recognition pattern of the JS/Obfuscated.HK Java script virus
[NOTE] The file was moved to the quarantine directory under the name '4d8f465e.qua'.


End of the scan: Monday, August 20, 2012 00:42
Used time: 00:26 Minute(s)

The scan has been done completely.

0 Scanned directories
44 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
2 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
42 Files not concerned
0 Archives were scanned
0 Warnings
2 Notes

Avira Free Antivirus
Report file date: Monday, August 20, 2012 00:42

Scanning for 4130458 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 Home Premium
Windows version : (plain) [6.1.7600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : APRIL-HP

Version information:
BUILD.DAT : 12.0.0.1167 40870 Bytes 7/18/2012 20:07:00
AVSCAN.EXE : 12.3.0.33 468472 Bytes 8/9/2012 02:48:28
AVSCAN.DLL : 12.3.0.15 54736 Bytes 5/2/2012 19:31:39
LUKE.DLL : 12.3.0.15 68304 Bytes 5/2/2012 05:31:47
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 5/2/2012 04:13:36
AVREG.DLL : 12.3.0.17 232200 Bytes 5/28/2012 18:52:55
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 00:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 05:23:21
VBASE002.VDF : 7.11.19.170 14374912 Bytes 12/20/2011 05:32:24
VBASE003.VDF : 7.11.21.238 4472832 Bytes 2/1/2012 15:58:50
VBASE004.VDF : 7.11.26.44 4329472 Bytes 3/28/2012 16:43:53
VBASE005.VDF : 7.11.34.116 4034048 Bytes 6/29/2012 23:03:54
VBASE006.VDF : 7.11.34.117 2048 Bytes 6/29/2012 23:03:54
VBASE007.VDF : 7.11.34.118 2048 Bytes 6/29/2012 23:03:54
VBASE008.VDF : 7.11.34.119 2048 Bytes 6/29/2012 23:03:55
VBASE009.VDF : 7.11.34.120 2048 Bytes 6/29/2012 23:03:55
VBASE010.VDF : 7.11.34.121 2048 Bytes 6/29/2012 23:03:55
VBASE011.VDF : 7.11.34.122 2048 Bytes 6/29/2012 23:03:55
VBASE012.VDF : 7.11.34.123 2048 Bytes 6/29/2012 23:03:55
VBASE013.VDF : 7.11.34.124 2048 Bytes 6/29/2012 23:03:55
VBASE014.VDF : 7.11.38.18 2554880 Bytes 7/30/2012 03:15:51
VBASE015.VDF : 7.11.38.70 556032 Bytes 7/31/2012 03:15:45
VBASE016.VDF : 7.11.38.143 171008 Bytes 8/2/2012 04:14:15
VBASE017.VDF : 7.11.38.221 178176 Bytes 8/6/2012 19:38:24
VBASE018.VDF : 7.11.39.37 168448 Bytes 8/8/2012 02:48:22
VBASE019.VDF : 7.11.39.89 131072 Bytes 8/9/2012 03:10:35
VBASE020.VDF : 7.11.39.145 142336 Bytes 8/11/2012 07:23:30
VBASE021.VDF : 7.11.39.207 165888 Bytes 8/14/2012 18:48:33
VBASE022.VDF : 7.11.40.9 156160 Bytes 8/16/2012 03:16:09
VBASE023.VDF : 7.11.40.49 133120 Bytes 8/17/2012 03:15:56
VBASE024.VDF : 7.11.40.50 2048 Bytes 8/17/2012 03:15:56
VBASE025.VDF : 7.11.40.51 2048 Bytes 8/17/2012 03:15:56
VBASE026.VDF : 7.11.40.52 2048 Bytes 8/17/2012 03:15:56
VBASE027.VDF : 7.11.40.53 2048 Bytes 8/17/2012 03:15:56
VBASE028.VDF : 7.11.40.54 2048 Bytes 8/17/2012 03:15:56
VBASE029.VDF : 7.11.40.55 2048 Bytes 8/17/2012 03:15:56
VBASE030.VDF : 7.11.40.56 2048 Bytes 8/17/2012 03:15:56
VBASE031.VDF : 7.11.40.82 91136 Bytes 8/19/2012 03:41:30
Engine version : 8.2.10.132
AEVDF.DLL : 8.1.2.10 102772 Bytes 7/11/2012 08:02:48
AESCRIPT.DLL : 8.1.4.42 459129 Bytes 8/10/2012 03:10:43
AESCN.DLL : 8.1.8.2 131444 Bytes 2/16/2012 22:11:36
AESBX.DLL : 8.2.5.12 606578 Bytes 6/15/2012 08:28:36
AERDL.DLL : 8.1.9.15 639348 Bytes 1/21/2012 05:22:40
AEPACK.DLL : 8.3.0.24 811381 Bytes 8/7/2012 21:16:47
AEOFFICE.DLL : 8.1.2.42 201083 Bytes 7/20/2012 07:26:23
AEHEUR.DLL : 8.1.4.86 5165429 Bytes 8/10/2012 03:10:41
AEHELP.DLL : 8.1.23.2 258422 Bytes 6/29/2012 03:21:04
AEGEN.DLL : 8.1.5.34 434548 Bytes 7/20/2012 07:24:29
AEEXP.DLL : 8.1.0.74 86387 Bytes 8/4/2012 04:14:06
AEEMU.DLL : 8.1.3.2 393587 Bytes 7/11/2012 08:02:47
AECORE.DLL : 8.1.27.4 201078 Bytes 8/7/2012 21:16:46
AEBB.DLL : 8.1.1.0 53618 Bytes 1/21/2012 05:22:35
AVWINLL.DLL : 12.3.0.15 27344 Bytes 5/2/2012 04:59:21
AVPREF.DLL : 12.3.0.15 51920 Bytes 5/2/2012 04:44:31
AVREP.DLL : 12.3.0.15 179208 Bytes 5/2/2012 04:13:35
AVARKT.DLL : 12.3.0.15 211408 Bytes 5/2/2012 04:21:32
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 5/2/2012 04:28:49
SQLITE3.DLL : 3.7.0.1 398288 Bytes 4/17/2012 03:11:02
AVSMTP.DLL : 12.3.0.32 63480 Bytes 8/9/2012 02:48:28
NETNT.DLL : 12.3.0.15 17104 Bytes 5/2/2012 05:33:29
RCIMAGE.DLL : 12.3.0.31 4445944 Bytes 8/9/2012 02:48:21
RCTEXT.DLL : 12.3.0.31 97784 Bytes 8/9/2012 02:48:21

Configuration settings for the scan:
Jobname.............................: AVGuardAsyncScan
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_50315f48\guard_slideup.avp
Logging.............................: default
Primary action......................: Repair
Secondary action....................: Quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Complete

Start of the scan: Monday, August 20, 2012 00:42

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'FlashPlayerPlugin_11_3_300_271.exe' - '1' Module(s) have been scanned
Scan process 'FlashPlayerPlugin_11_3_300_271.exe' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'OnlineCmdLineScanner.exe' - '1' Module(s) have been scanned
Scan process 'OnlineScannerApp.exe' - '1' Module(s) have been scanned
Scan process 'mbamservice.exe' - '1' Module(s) have been scanned
Scan process 'IAStorDataMgrSvc.exe' - '1' Module(s) have been scanned
Scan process 'UNS.exe' - '1' Module(s) have been scanned
Scan process 'YCMMirage.exe' - '1' Module(s) have been scanned
Scan process 'FsynSrvStarter.exe' - '1' Module(s) have been scanned
Scan process 'HTCVBTServer.exe' - '1' Module(s) have been scanned
Scan process 'DbgOut.exe' - '1' Module(s) have been scanned
Scan process 'epmworker.exe' - '1' Module(s) have been scanned
Scan process 'ClientInitiatedStarter.exe' - '1' Module(s) have been scanned
Scan process 'Generic.exe' - '1' Module(s) have been scanned
Scan process 'RunDll32.exe' - '1' Module(s) have been scanned
Scan process 'hpqWmiEx.exe' - '1' Module(s) have been scanned
Scan process 'logger.exe' - '1' Module(s) have been scanned
Scan process 'CapabilityManager.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'AdobeARM.exe' - '1' Module(s) have been scanned
Scan process 'HPMSGSVC.exe' - '1' Module(s) have been scanned
Scan process 'HPOSD.exe' - '1' Module(s) have been scanned
Scan process 'mbamgui.exe' - '1' Module(s) have been scanned
Scan process 'Application Launcher.exe' - '1' Module(s) have been scanned
Scan process 'PWRISOVM.EXE' - '1' Module(s) have been scanned
Scan process 'IAStorIcon.exe' - '1' Module(s) have been scanned
Scan process 'V CAST Backup Scheduler.exe' - '1' Module(s) have been scanned
Scan process 'DTLite.exe' - '1' Module(s) have been scanned
Scan process 'LightScribeControlPanel.exe' - '1' Module(s) have been scanned
Scan process 'RNowSvc.exe' - '1' Module(s) have been scanned
Scan process 'LMS.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'HPWMISVC.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'armsvc.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N55GYOH5\FA5362A00L[1].htm'
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N55GYOH5\FA5362A00L[1].htm
[DETECTION] Contains recognition pattern of the JS/Obfuscated.HK Java script virus
[NOTE] The file was moved to the quarantine directory under the name '561f6d19.qua'.


End of the scan: Monday, August 20, 2012 00:42
Used time: 00:21 Minute(s)

The scan has been done completely.

0 Scanned directories
43 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
42 Files not concerned
0 Archives were scanned
0 Warnings
1 Notes


Avira Free Antivirus
Report file date: Monday, August 20, 2012 00:42

Scanning for 4130458 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 Home Premium
Windows version : (plain) [6.1.7600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : APRIL-HP

Configuration settings for the scan:
Jobname.............................: AVGuardAsyncScan
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_50315f48\guard_slideup.avp
Logging.............................: default
Primary action......................: Interactive
Secondary action....................: Quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Complete

Start of the scan: Monday, August 20, 2012 00:42

The scan of running processes will be started

Starting the file scan:

Begin scan in 'C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHA3HR4Z\879349865b346b87b3587[1].htm'
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHA3HR4Z\879349865b346b87b3587[1].htm
[DETECTION] Contains recognition pattern of the JS/Obfuscated.HK Java script virus

Beginning disinfection:
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHA3HR4Z\879349865b346b87b3587[1].htm
[DETECTION] Contains recognition pattern of the JS/Obfuscated.HK Java script virus
[NOTE] The file was moved to the quarantine directory under the name '549f63aa.qua'.


End of the scan: Monday, August 20, 2012 01:43
Used time: 00:00 Minute(s)

The scan has been done completely.

0 Scanned directories
43 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
42 Files not concerned
0 Archives were scanned
0 Warnings
1 Notes


The scan results will be transferred to the Guard.

Avira Free Antivirus
Report file date: Monday, August 20, 2012 00:43

Scanning for 4130458 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 Home Premium
Windows version : (plain) [6.1.7600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : APRIL-HP

Configuration settings for the scan:
Jobname.............................: AVGuardAsyncScan
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_50315f48\guard_slideup.avp
Logging.............................: default
Primary action......................: Interactive
Secondary action....................: Quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Complete

Start of the scan: Monday, August 20, 2012 00:43

The scan of running processes will be started

Starting the file scan:

Begin scan in 'C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOHD4AUV\875698G87S4[1].htm'
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOHD4AUV\875698G87S4[1].htm
[DETECTION] Contains recognition pattern of the JS/Obfuscated.HK Java script virus
Begin scan in 'C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOHD4AUV\879349865b346b87b3587[1].htm'
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOHD4AUV\879349865b346b87b3587[1].htm
[DETECTION] Contains recognition pattern of the JS/Obfuscated.HK Java script virus

Beginning disinfection:
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOHD4AUV\879349865b346b87b3587[1].htm
[DETECTION] Contains recognition pattern of the JS/Obfuscated.HK Java script virus
[NOTE] The file was moved to the quarantine directory under the name '550b6c42.qua'.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOHD4AUV\875698G87S4[1].htm
[DETECTION] Contains recognition pattern of the JS/Obfuscated.HK Java script virus
[NOTE] The file was moved to the quarantine directory under the name '4d9043e5.qua'.


End of the scan: Monday, August 20, 2012 01:43
Used time: 00:00 Minute(s)

The scan has been done completely.

0 Scanned directories
44 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
2 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
42 Files not concerned
0 Archives were scanned
0 Warnings
2 Notes


The scan results will be transferred to the Guard.

#13 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:05:14 PM

Posted 22 August 2012 - 02:56 PM

Good evening. :)

I'll work through the various detections:

ESET Online flagged -

C:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\All Users\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\Christian\Downloads\cnet2_swrsetup_exe.exe a variant of Win32/InstallCore.D application
C:\Users\Christian\Downloads\unlocker.exe a variant of Win32/Soft32Downloader.A application
C:\Users\Christian\Downloads\Unlocker1.9.1.exe Win32/Adware.ADON application

If you know what software the Tarma Installer was responsible for installing I would uninstall it, via the Control Panel, as well as the Installer itself - if you Google it you will see a variety of hits for this file.

CNET installers have been being flagged for a while and I would avoid downloading any software from that website for this reason. You can get most of the apps from other more trustworthy sources.

Assuming you got Unlocker from a trustworthy source I would consider this to be a false-positive. The code it contains could be used maliciously and so without the benefit of other knowledge the scanner flagged it as a risk.

Avast flagged -

C:\FRST\Quarantine\consrv.dll
[DETECTION] Is the TR/ATRAPS.Gen2 Trojan

If you look at the file path you can see that this file is one that has been removed with the use of FRST and so posed no risk where it was.

C:\Users\Christian\Downloads\Men_In_Black_-_Complete_Series.exe
[0] Archive type: NSIS
--> object
[DETECTION] Contains virus patterns of Adware ADWARE/1ClickDown.D

You presumably know where this one came from and can make your own mind up about its legitimacy.

The rest are Temporary Internet Files and are the price of surfing the internet I'm afraid.

So long, and thanks for all the fish.

 

 


#14 christhekid

christhekid
  • Topic Starter

  • Members
  • 38 posts
  • Local time:12:14 PM

Posted 23 August 2012 - 12:39 AM

Ok so far I just deleted a couple of programs but what now?

#15 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:05:14 PM

Posted 23 August 2012 - 01:59 PM

Good evening. :)

Ok so far I just deleted a couple of programs but what now?


What indeed. The issue that you came with "Avira detected TR/ATRAPS.Gen2" is down to a file that posed no threat to your PC because it had previously been dealt with using FRST and appears to have been successfully dealt with by Avira - not that it needed anything more than manually deleting in the first place.
I assume that this file was removed during this set of instructions by SweetTech and so, unless there are any other issues that you are having, I don't see that there is anything more that I can do for you.

So long, and thanks for all the fish.

 

 




