Geeks to Go
TR/Hiloti.8.1 Trojan

#1 carloverx
I've been fighting with a Trojan that Avira detects as "TR/Hiloti.8.1". Just when I think it's gone, it returns. Here is my OTL log:

OTL logfile created on: 4/18/2011 1:48:47 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\GREN Marketing\Desktop\Tools
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.79 Gb Total Space | 166.49 Gb Free Space | 71.52% Space Free | Partition Type: NTFS

Computer Name: GRENMARKETING | User Name: GREN Marketing | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/18 13:38:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\GREN Marketing\Desktop\Tools\OTL.exe
PRC - [2011/03/23 17:26:08 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/17 09:17:15 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/11/08 10:16:51 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/08 10:16:51 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/02/18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/05/21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/12/06 20:32:22 | 000,886,784 | ---- | M] () -- C:\Program Files\AeroSnap\AeroSnap.exe
PRC - [2008/12/04 14:00:26 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/12/04 14:00:20 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/05/23 15:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/04/23 02:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/17 02:28:48 | 000,818,176 | ---- | M] (Jay Elaraj) -- C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/12 20:56:32 | 000,136,704 | ---- | M] (Softarium.com) -- C:\Program Files\Sound Volume Hotkeys\SoundVolumeHotkeys.exe
PRC - [2008/02/26 17:15:30 | 000,909,312 | ---- | M] (Realtek) -- C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe
PRC - [2006/09/25 10:12:20 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2003/12/04 17:00:34 | 000,634,880 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2003/12/04 16:48:40 | 000,077,824 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\TabUserW.exe


========== Modules (SafeList) ==========

MOD - [2011/04/18 13:38:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\GREN Marketing\Desktop\Tools\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2003/12/04 16:46:46 | 000,044,544 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\TabHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/30 16:04:14 | 003,229,784 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_a35e6b9.dll -- (Akamai)
SRV - [2011/03/17 09:17:15 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/11/08 10:16:51 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008/12/04 14:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/08/14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2003/12/04 17:00:34 | 000,634,880 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Tablet.exe -- (TabletService)


========== Driver Services (SafeList) ==========

DRV - [2011/03/17 09:17:16 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/22 10:12:52 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/08/18 19:03:28 | 000,079,960 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2008/08/18 19:03:12 | 000,106,368 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/08/18 18:20:06 | 004,752,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/07/21 17:09:12 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/07/21 17:09:02 | 003,007,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/12/03 12:13:48 | 000,011,264 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\diag69xp.sys -- (Diag69xp)
DRV - [2007/11/20 02:14:08 | 000,016,640 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS -- (RTLVLAN)
DRV - [2007/11/20 02:04:50 | 000,008,960 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LANPkt.sys -- (LANPkt)
DRV - [2007/07/23 16:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 16:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 16:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 16:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 16:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 16:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 16:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 16:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 15:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 15:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2001/04/09 12:45:00 | 000,008,138 | ---- | M] (Wacom Technology Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PenClass.sys -- (PenClass)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USSMB/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.c...settings/?pli=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}:2.3.54
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.2
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.3.1

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/07 17:28:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/23 17:26:14 | 000,000,000 | ---D | M]

[2009/05/27 12:48:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\GREN Marketing\Application Data\Mozilla\Extensions
[2011/04/18 09:05:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\GREN Marketing\Application Data\Mozilla\Firefox\Profiles\w19fdwlp.default\extensions
[2010/07/27 09:17:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\GREN Marketing\Application Data\Mozilla\Firefox\Profiles\w19fdwlp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/18 09:05:26 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\GREN Marketing\Application Data\Mozilla\Firefox\Profiles\w19fdwlp.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/03/24 16:00:11 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Documents and Settings\GREN Marketing\Application Data\Mozilla\Firefox\Profiles\w19fdwlp.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2010/03/31 09:38:23 | 000,000,000 | ---D | M] (Answers) -- C:\Documents and Settings\GREN Marketing\Application Data\Mozilla\Firefox\Profiles\w19fdwlp.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
[2011/02/07 10:09:05 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\GREN Marketing\Application Data\Mozilla\Firefox\Profiles\w19fdwlp.default\extensions\[email protected]
[2011/04/18 09:05:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/23 09:13:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009/05/05 01:13:11 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/04/14 09:27:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [8169Diag] C:\Program Files\Realtek\Diagnostics Utility\8169Diag.exe (Realtek)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SoundVolumeHotkeys.{9547D1C7-4F18-4104-8674-046DCD12BDF9}] C:\Program Files\Sound Volume Hotkeys\SoundVolumeHotkeys.exe (Softarium.com)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AeroSnap.lnk = C:\Program Files\AeroSnap\AeroSnap.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
O4 - Startup: C:\Documents and Settings\GREN Marketing\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\GREN Marketing\Start Menu\Programs\Startup\YPOPs.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\GREN Marketing\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\GREN Marketing\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/18 13:33:55 | 000,692,640 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Documents and Settings\GREN Marketing\Desktop\SpyHunter-Installer.exe
[2011/04/15 12:11:08 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/13 17:38:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/04/13 17:34:52 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/04/11 09:31:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GREN Marketing\Desktop\dress
[2011/03/31 15:56:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\GREN Marketing\Desktop\Automotive History

========== Files - Modified Within 30 Days ==========

[2011/04/18 13:33:57 | 000,692,640 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Documents and Settings\GREN Marketing\Desktop\SpyHunter-Installer.exe
[2011/04/18 09:01:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/18 09:01:03 | 000,000,251 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2011/04/18 09:00:54 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/04/18 09:00:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/18 09:00:46 | 3220,160,512 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/14 09:27:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/14 09:16:02 | 004,320,788 | R--- | M] () -- C:\Documents and Settings\GREN Marketing\Desktop\ComboFix.exe
[2011/04/14 09:14:42 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\GREN Marketing\Desktop\rkill.scr
[2011/04/14 09:04:00 | 000,351,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/13 17:37:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/13 17:35:58 | 000,466,888 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/13 17:35:58 | 000,079,978 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/13 17:29:54 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\GREN Marketing\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to 2309.lnk
[2011/04/13 14:00:27 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Nvowisuvubo.dat
[2011/04/13 11:03:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Fdabocare.bin
[2011/04/12 09:17:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\null
[2011/04/05 14:23:02 | 000,259,755 | ---- | M] () -- C:\Documents and Settings\GREN Marketing\Desktop\small-sign-out-front-2.png
[2011/04/05 11:24:33 | 002,381,804 | ---- | M] () -- C:\Documents and Settings\GREN Marketing\Desktop\small-sign-out-front.png
[2011/03/28 10:25:50 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\GREN Marketing\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to DrumandRotorCatalog20090326.lnk
[2011/03/25 17:22:11 | 000,008,536 | ---- | M] () -- C:\Documents and Settings\GREN Marketing\Desktop\rotoricon.gif

========== Files Created - No Company Name ==========

[2011/04/14 09:16:01 | 004,320,788 | R--- | C] () -- C:\Documents and Settings\GREN Marketing\Desktop\ComboFix.exe
[2011/04/14 09:14:42 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\GREN Marketing\Desktop\rkill.scr
[2011/04/06 16:25:45 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Nvowisuvubo.dat
[2011/04/06 16:25:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Fdabocare.bin
[2011/04/05 14:23:02 | 000,259,755 | ---- | C] () -- C:\Documents and Settings\GREN Marketing\Desktop\small-sign-out-front-2.png
[2011/04/05 11:24:29 | 002,381,804 | ---- | C] () -- C:\Documents and Settings\GREN Marketing\Desktop\small-sign-out-front.png
[2011/03/25 17:22:11 | 000,008,536 | ---- | C] () -- C:\Documents and Settings\GREN Marketing\Desktop\rotoricon.gif
[2011/03/17 12:18:20 | 000,079,480 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/26 10:45:48 | 000,000,251 | ---- | C] () -- C:\WINDOWS\System32\tablet.dat
[2010/10/26 10:45:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TabUnst.dll
[2010/10/26 10:45:47 | 000,015,744 | ---- | C] () -- C:\WINDOWS\System32\wintab.dll
[2010/10/26 10:44:58 | 000,013,408 | ---- | C] () -- C:\WINDOWS\System32\tabinst.dll
[2010/10/26 10:44:58 | 000,004,032 | ---- | C] () -- C:\WINDOWS\System32\tabins16.dll
[2010/10/19 14:26:09 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/10/19 14:26:08 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/10/19 14:26:06 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/10/19 14:26:06 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/10/19 14:26:06 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/08/23 14:35:21 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/12/28 11:16:03 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/12/28 11:16:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/12/28 11:16:03 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/12/28 11:16:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/12/28 11:16:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/05/28 10:54:01 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\GREN Marketing\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/27 14:35:30 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/05/27 12:48:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/05/26 10:02:26 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\GREN Marketing\Local Settings\Application Data\fusioncache.dat
[2009/05/05 08:07:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/05/05 04:05:30 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009/05/05 04:05:30 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/05/05 04:05:30 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/05/05 04:05:30 | 000,168,883 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/05/05 04:05:30 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2009/05/05 04:05:30 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2009/05/05 04:05:16 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2009/05/05 04:04:35 | 000,001,152 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/05/05 01:22:56 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/05/05 01:15:32 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/25 17:31:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/25 17:27:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/25 17:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/25 12:16:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/25 12:16:22 | 000,466,888 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/25 12:16:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/25 12:16:22 | 000,079,978 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/25 12:16:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/25 12:16:22 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/25 12:16:21 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/25 12:16:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/04/25 12:16:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/25 12:16:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/25 12:16:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/25 12:16:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/25 05:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/25 05:21:52 | 000,351,384 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/07/05 07:17:08 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\IGTsnmp.dll

========== LOP Check ==========

[2010/01/11 11:21:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Altova
[2010/04/05 09:16:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/03/15 17:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2009/05/05 01:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/06/17 09:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/07/21 15:38:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GREN Marketing\Application Data\avidemux
[2011/03/17 12:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GREN Marketing\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/06/26 08:58:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GREN Marketing\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/03/24 18:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GREN Marketing\Application Data\FileZilla
[2010/01/11 11:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GREN Marketing\Application Data\firstobject
[2009/06/04 15:04:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GREN Marketing\Application Data\Opera
[2009/05/05 01:12:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GREN Marketing\Application Data\Windows Desktop Search
[2009/05/26 10:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GREN Marketing\Application Data\Windows Search
[2009/12/11 13:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\GREN Marketing\Application Data\Winsby Group
[2011/04/18 09:00:54 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



< End of report >

Also, here is a report from a partially run Avira system scan:

Avira AntiVir Personal
Report file date: Monday, April 18, 2011 13:08

Scanning for 2573620 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : GRENMARKETING

Version information:
BUILD.DAT : 10.0.0.635 31822 Bytes 3/7/2011 12:15:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 12/8/2010 14:12:30
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 17:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 12/8/2010 14:12:32
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 14:17:28
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 14:13:58
VBASE003.VDF : 7.11.5.225 1980416 Bytes 4/7/2011 13:06:15
VBASE004.VDF : 7.11.5.226 2048 Bytes 4/7/2011 13:06:15
VBASE005.VDF : 7.11.5.227 2048 Bytes 4/7/2011 13:06:15
VBASE006.VDF : 7.11.5.228 2048 Bytes 4/7/2011 13:06:15
VBASE007.VDF : 7.11.5.229 2048 Bytes 4/7/2011 13:06:15
VBASE008.VDF : 7.11.5.230 2048 Bytes 4/7/2011 13:06:15
VBASE009.VDF : 7.11.5.231 2048 Bytes 4/7/2011 13:06:16
VBASE010.VDF : 7.11.5.232 2048 Bytes 4/7/2011 13:06:16
VBASE011.VDF : 7.11.5.233 2048 Bytes 4/7/2011 13:06:16
VBASE012.VDF : 7.11.5.234 2048 Bytes 4/7/2011 13:06:16
VBASE013.VDF : 7.11.6.28 158208 Bytes 4/11/2011 13:14:56
VBASE014.VDF : 7.11.6.74 116224 Bytes 4/13/2011 13:06:28
VBASE015.VDF : 7.11.6.113 137728 Bytes 4/14/2011 13:02:59
VBASE016.VDF : 7.11.6.150 146944 Bytes 4/18/2011 13:03:00
VBASE017.VDF : 7.11.6.151 2048 Bytes 4/18/2011 13:03:00
VBASE018.VDF : 7.11.6.152 2048 Bytes 4/18/2011 13:03:00
VBASE019.VDF : 7.11.6.153 2048 Bytes 4/18/2011 13:03:00
VBASE020.VDF : 7.11.6.154 2048 Bytes 4/18/2011 13:03:00
VBASE021.VDF : 7.11.6.155 2048 Bytes 4/18/2011 13:03:01
VBASE022.VDF : 7.11.6.156 2048 Bytes 4/18/2011 13:03:01
VBASE023.VDF : 7.11.6.157 2048 Bytes 4/18/2011 13:03:01
VBASE024.VDF : 7.11.6.158 2048 Bytes 4/18/2011 13:03:01
VBASE025.VDF : 7.11.6.159 2048 Bytes 4/18/2011 13:03:01
VBASE026.VDF : 7.11.6.160 2048 Bytes 4/18/2011 13:03:01
VBASE027.VDF : 7.11.6.161 2048 Bytes 4/18/2011 13:03:02
VBASE028.VDF : 7.11.6.162 2048 Bytes 4/18/2011 13:03:02
VBASE029.VDF : 7.11.6.163 2048 Bytes 4/18/2011 13:03:02
VBASE030.VDF : 7.11.6.164 2048 Bytes 4/18/2011 13:03:02
VBASE031.VDF : 7.11.6.169 24576 Bytes 4/18/2011 13:03:02
Engineversion : 8.2.4.208
AEVDF.DLL : 8.1.2.1 106868 Bytes 8/2/2010 13:07:00
AESCRIPT.DLL : 8.1.3.58 1266042 Bytes 4/4/2011 13:16:38
AESCN.DLL : 8.1.7.2 127349 Bytes 11/22/2010 14:12:24
AESBX.DLL : 8.1.3.2 254324 Bytes 11/22/2010 14:12:47
AERDL.DLL : 8.1.9.9 639347 Bytes 3/28/2011 13:11:11
AEPACK.DLL : 8.2.6.0 549237 Bytes 4/8/2011 13:08:10
AEOFFICE.DLL : 8.1.1.20 205177 Bytes 4/4/2011 13:16:08
AEHEUR.DLL : 8.1.2.98 3441014 Bytes 4/18/2011 13:03:06
AEHELP.DLL : 8.1.16.1 246134 Bytes 2/4/2011 14:10:41
AEGEN.DLL : 8.1.5.4 397684 Bytes 4/4/2011 13:14:52
AEEMU.DLL : 8.1.3.0 393589 Bytes 11/22/2010 14:10:44
AECORE.DLL : 8.1.20.2 196982 Bytes 4/8/2011 13:06:35
AEBB.DLL : 8.1.1.0 53618 Bytes 4/28/2010 14:49:18
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 17:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 17:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 21:47:40
AVREG.DLL : 10.0.3.2 53096 Bytes 11/8/2010 14:16:51
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 12/8/2010 14:12:31
AVARKT.DLL : 10.0.22.6 231784 Bytes 12/8/2010 14:12:24
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 14:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 17:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 20:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 19:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 18:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 11/8/2010 14:16:50

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Monday, April 18, 2011 13:08

Starting search for hidden objects.

The scan of running processes will be started
Scan process 'SearchFilterHost.exe' - '34' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '56' Module(s) have been scanned
Scan process 'msdtc.exe' - '42' Module(s) have been scanned
Scan process 'dllhost.exe' - '63' Module(s) have been scanned
Scan process 'dllhost.exe' - '47' Module(s) have been scanned
Scan process 'vssvc.exe' - '50' Module(s) have been scanned
Scan process 'avscan.exe' - '73' Module(s) have been scanned
Scan process 'avcenter.exe' - '66' Module(s) have been scanned
Scan process 'EXCEL.EXE' - '77' Module(s) have been scanned
Scan process 'plugin-container.exe' - '74' Module(s) have been scanned
Scan process 'jucheck.exe' - '60' Module(s) have been scanned
Scan process 'firefox.exe' - '126' Module(s) have been scanned
Scan process 'OUTLOOK.EXE' - '182' Module(s) have been scanned
Scan process 'cli.exe' - '117' Module(s) have been scanned
Scan process 'alg.exe' - '35' Module(s) have been scanned
Scan process 'iPodService.exe' - '31' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '59' Module(s) have been scanned
Scan process 'IAANTMon.exe' - '38' Module(s) have been scanned
Scan process 'avshadow.exe' - '29' Module(s) have been scanned
Scan process 'Tablet.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'sprtsvc.exe' - '93' Module(s) have been scanned
Scan process 'SeaPort.exe' - '47' Module(s) have been scanned
Scan process 'MDM.EXE' - '23' Module(s) have been scanned
Scan process 'jqs.exe' - '35' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '35' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '31' Module(s) have been scanned
Scan process 'avguard.exe' - '58' Module(s) have been scanned
Scan process 'svchost.exe' - '70' Module(s) have been scanned
Scan process 'WindowsSearch.exe' - '68' Module(s) have been scanned
Scan process 'TabUserW.exe' - '21' Module(s) have been scanned
Scan process 'AeroSnap.exe' - '39' Module(s) have been scanned
Scan process 'ctfmon.exe' - '28' Module(s) have been scanned
Scan process 'taskbarshuffle.exe' - '30' Module(s) have been scanned
Scan process 'ISUSPM.exe' - '27' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '71' Module(s) have been scanned
Scan process 'AdobeARM.exe' - '44' Module(s) have been scanned
Scan process 'avgnt.exe' - '55' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '46' Module(s) have been scanned
Scan process 'jusched.exe' - '41' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '39' Module(s) have been scanned
Scan process 'Acrotray.exe' - '26' Module(s) have been scanned
Scan process 'SoundVolumeHotkeys.exe' - '29' Module(s) have been scanned
Scan process 'sprtcmd.exe' - '110' Module(s) have been scanned
Scan process 'PDVDDXSrv.exe' - '43' Module(s) have been scanned
Scan process 'CLI.EXE' - '186' Module(s) have been scanned
Scan process 'iaanotif.exe' - '41' Module(s) have been scanned
Scan process '8169Diag.exe' - '41' Module(s) have been scanned
Scan process 'Explorer.EXE' - '117' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'sched.exe' - '48' Module(s) have been scanned
Scan process 'spoolsv.exe' - '70' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '43' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '178' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'svchost.exe' - '56' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '36' Module(s) have been scanned
Scan process 'lsass.exe' - '60' Module(s) have been scanned
Scan process 'services.exe' - '29' Module(s) have been scanned
Scan process 'winlogon.exe' - '78' Module(s) have been scanned
Scan process 'csrss.exe' - '16' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1777' files ).


Starting the file scan:

Begin scan in 'C:\' <OS>
C:\Documents and Settings\GREN Marketing\Application Data\Sun\Java\Deployment\cache\6.0\21\34b75915-112ae195
[DETECTION] Is the TR/Hiloti.8.1 Trojan
C:\Documents and Settings\GREN Marketing\Application Data\Sun\Java\Deployment\cache\6.0\21\34b75915-1f961cc0
[DETECTION] Is the TR/Hiloti.8.1 Trojan
C:\Documents and Settings\GREN Marketing\Application Data\Sun\Java\Deployment\cache\6.0\21\34b75915-21c9244c
[DETECTION] Is the TR/Hiloti.8.1 Trojan
C:\Documents and Settings\GREN Marketing\Application Data\Sun\Java\Deployment\cache\6.0\21\34b75915-37e07008
[DETECTION] Is the TR/Hiloti.8.1 Trojan
C:\Documents and Settings\GREN Marketing\Application Data\Sun\Java\Deployment\cache\6.0\21\34b75915-387e273f
[DETECTION] Is the TR/Hiloti.8.1 Trojan
C:\Documents and Settings\GREN Marketing\Application Data\Sun\Java\Deployment\cache\6.0\21\34b75915-4bd38652
[DETECTION] Is the TR/Hiloti.8.1 Trojan
C:\Documents and Settings\GREN Marketing\Application Data\Sun\Java\Deployment\cache\6.0\21\34b75915-65d68683
[DETECTION] Is the TR/Hiloti.8.1 Trojan
C:\Documents and Settings\GREN Marketing\Application Data\Sun\Java\Deployment\cache\6.0\21\34b75915-6a03db21
[DETECTION] Is the TR/Hiloti.8.1 Trojan
C:\Documents and Settings\GREN Marketing\Application Data\Sun\Java\Deployment\cache\6.0\21\34b75915-7e79367a
[DETECTION] Is the TR/Hiloti.8.1 Trojan

Beginning disinfection:
C:\Documents and Settings\GREN Marketing\Application Data\Sun\Java\Deployment\cache\6.0\21\34b75915-7e79367a
[DETECTION] Is the TR/Hiloti.8.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4dbddde8.qua'.
C:\Documents and Settings\GREN Marketing\Application Data\Sun\Java\Deployment\cache\6.0\21\34b75915-6a03db21
[DETECTION] Is the TR/Hiloti.8.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '552af24f.qua'.
C:\Documents and Settings\GREN Marketing\Application Data\Sun\Java\Deployment\cache\6.0\21\34b75915-65d68683
[DETECTION] Is the TR/Hiloti.8.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '0775a8a7.qua'.
C:\Documents and Settings\GREN Marketing\Application Data\Sun\Java\Deployment\cache\6.0\21\34b75915-4bd38652
[DETECTION] Is the TR/Hiloti.8.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '6142e765.qua'.
C:\Documents and Settings\GREN Marketing\Application Data\Sun\Java\Deployment\cache\6.0\21\34b75915-387e273f
[DETECTION] Is the TR/Hiloti.8.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '24c6caa4.qua'.
C:\Documents and Settings\GREN Marketing\Application Data\Sun\Java\Deployment\cache\6.0\21\34b75915-37e07008
[DETECTION] Is the TR/Hiloti.8.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '5bddf8c5.qua'.
C:\Documents and Settings\GREN Marketing\Application Data\Sun\Java\Deployment\cache\6.0\21\34b75915-21c9244c
[DETECTION] Is the TR/Hiloti.8.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '1765d48f.qua'.
C:\Documents and Settings\GREN Marketing\Application Data\Sun\Java\Deployment\cache\6.0\21\34b75915-1f961cc0
[DETECTION] Is the TR/Hiloti.8.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '6b7d94df.qua'.
C:\Documents and Settings\GREN Marketing\Application Data\Sun\Java\Deployment\cache\6.0\21\34b75915-112ae195
[DETECTION] Is the TR/Hiloti.8.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4627bb92.qua'.


End of the scan: Monday, April 18, 2011 13:47

:D

Thanks in advance