Posts posted by prose072

  1. TrendSecure

    Trend Micro

    Comparison of your HijackThis log file items to others

    The table below compares the items HijackThis found on your computer with those on other people's computers. The column "% of PCs with item" indicates what percent of other people's HijackThis log files contain the item in that row of the table. Additional information will be provided as more HijackThis log files are added to the AnalyzeThis database.

    Each entry is coded to indicate the type of item it is on your computer. An explanation of these codes may be found at the bottom of this page.

    Index % of PCs with item Code Data

    1 0.0% O1 ::1 localhost

    2 0.0% O13

    69 0.0% O8 Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

    70 0.0% O8 Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

    76 0.0% P01 C:\WINDOWS\Explorer.EXE

    77 0.0% P01 C:\Program Files\Internet Explorer\iexplore.exe

    78 0.0% P01 C:\WINDOWS\system32\NOTEPAD.EXE

    79 0.0% P01 C:\WINDOWS\system32\taskmgr.exe

    80 0.0% P01 C:\Windows\ehome\ehtray.exe

    81 0.0% P01 C:\Windows\ehome\ehmsas.exe

    82 0.0% P01 C:\Program Files\Windows Media Player\wmpnscfg.exe

    83 0.0% P01 C:\Windows\system32\taskeng.exe

    84 0.0% P01 C:\Windows\system32\Dwm.exe

    85 0.0% P01 C:\Windows\system32\wbem\unsecapp.exe

    86 0.0% P01 C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe

    87 0.0% P01 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    88 0.0% P01 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    89 0.0% P01 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

    90 0.0% P01 C:\Program Files\Avira\AntiVir Desktop\avcenter.exe

    91 0.0% P01 C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

    92 0.0% P01 C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe

    93 0.0% P01 C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe

    94 0.0% R0 HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    95 0.0% R0 HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    96 0.0% R0 HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    97 0.0% R0 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

    98 0.0% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    99 0.0% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    100 0.0% R1 HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    101 0.0% R1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

    102 0.0% R1 HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

    Explanation of the codes

    R - Registry, StartPage/SearchPage changes

    R0 - Changed registry value

    R1 - Created registry value

    R2 - Created registry key

    R3 - Created extra registry value where only one should be

    F - IniFiles, autoloading entries

    F0 - Changed inifile value

    F1 - Created inifile value

    F2 - Changed inifile value, mapped to Registry

    F3 - Created inifile value, mapped to Registry

    N - Netscape/Mozilla StartPage/SearchPage changes

    N1 - Change in prefs.js of Netscape 4.x

    N2 - Change in prefs.js of Netscape 6

    N3 - Change in prefs.js of Netscape 7

    N4 - Change in prefs.js of Mozilla

    O - Other, several sections which represent:

    O1 - Hijack of auto.search.msn.com with Hosts file

    O2 - Enumeration of existing MSIE BHO's

    O3 - Enumeration of existing MSIE toolbars

    O4 - Enumeration of suspicious autoloading Registry entries

    O5 - Blocking of loading Internet Options in Control Panel

    O6 - Disabling of 'Internet Options' Main tab with Policies

    O7 - Disabling of Regedit with Policies

    O8 - Extra MSIE context menu items

    O9 - Extra 'Tools' menuitems and buttons

    O10 - Breaking of Internet access by New.Net or WebHancer

    O11 - Extra options in MSIE 'Advanced' settings tab

    O12 - MSIE plugins for file extensions or MIME types

    O13 - Hijack of default URL prefixes

    O14 - Changing of IERESET.INF

    O15 - Trusted Zone Autoadd

    O16 - Download Program Files item

    O17 - Domain hijack

    O18 - Enumeration of existing protocols and filters

    O19 - User stylesheet hijack

    O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys

    O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key

    O22 - SharedTaskScheduler autorun Registry key

    O23 - Enumeration of NT Services

    O24 - Enumeration of ActiveX Desktop Components

  3. Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 9:28:24 PM, on 9/20/2009

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v8.00 (8.00.6001.18813)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskeng.exe

    C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Windows\ehome\ehtray.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe

    C:\Windows\ehome\ehmsas.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Windows\system32\taskmgr.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

    C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    C:\Program Files\Microsoft Windows OneCare Live\WinSSNotifyE.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Avira\AntiVir Desktop\avcenter.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    C:\Windows\System32\notepad.exe

    C:\Windows\System32\notepad.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O1 - Hosts: ::1 localhost

    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

    O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll

    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll

    O2 - BHO: TBSB03621 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\CommentsBar\tbcore3.dll

    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

    O3 - Toolbar: CommentsBar - {5A0035AB-8F83-4D03-BE4E-C8267A3A4A1A} - C:\Program Files\CommentsBar\tbcore3.dll

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll

    O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -HPW

    O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"

    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKCU\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

    O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

    O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll

    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll

    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll

    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll

    O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll

    O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

    O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

    O13 - Gopher Prefix:

    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab

    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab

    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

    O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe

    O23 - Service: Google Update Service (gupdate1c9965fc0d2f60) (gupdate1c9965fc0d2f60) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: Intel® Viiv Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe

    O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

    O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe

    O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --

    End of file - 12060 bytes

    Avira AntiVir Personal

    Report file date: Sunday, September 20, 2009 17:19

    Scanning for 1729942 virus strains and unwanted programs.

    Licensee : Avira AntiVir Personal - FREE Antivirus

    Serial number : 0000149996-ADJIE-0000001

    Platform : Windows Vista

    Windows version : (Service Pack 2) [6.0.6002]

    Boot mode : Normally booted

    Username : SYSTEM

    Computer name : MUSTANGGT500

    Version information:

    BUILD.DAT : 9.0.0.407 17961 Bytes 7/29/2009 10:34:00

    AVSCAN.EXE : 9.0.3.7 466689 Bytes 7/21/2009 19:36:14

    AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 16:58:24

    LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 17:35:49

    LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 16:58:52

    ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 18:30:36

    ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 6/24/2009 15:21:42

    ANTIVIR2.VDF : 7.1.6.1 3857920 Bytes 9/16/2009 21:12:02

    ANTIVIR3.VDF : 7.1.6.13 181248 Bytes 9/18/2009 21:12:11

    Engineversion : 8.2.1.19

    AEVDF.DLL : 8.1.1.2 106867 Bytes 9/20/2009 21:12:18

    AESCRIPT.DLL : 8.1.2.31 475513 Bytes 9/20/2009 21:12:18

    AESCN.DLL : 8.1.2.5 127346 Bytes 9/20/2009 21:12:17

    AERDL.DLL : 8.1.2.4 430452 Bytes 7/23/2009 15:59:39

    AEPACK.DLL : 8.2.0.0 422261 Bytes 9/20/2009 21:12:16

    AEOFFICE.DLL : 8.1.0.38 196987 Bytes 7/23/2009 15:59:39

    AEHEUR.DLL : 8.1.0.155 1921400 Bytes 9/20/2009 21:12:15

    AEHELP.DLL : 8.1.7.0 237940 Bytes 9/20/2009 21:12:13

    AEGEN.DLL : 8.1.1.63 364916 Bytes 9/20/2009 21:12:13

    AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 20:32:40

    AECORE.DLL : 8.1.8.1 184693 Bytes 9/20/2009 21:12:12

    AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 20:32:40

    AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 14:47:59

    AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 16:32:15

    AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 20:34:28

    AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 16:32:09

    AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 21:05:41

    AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 16:37:08

    SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 21:03:49

    SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 14:21:33

    NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 16:32:10

    RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 21:39:58

    RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 16:19:48

    Configuration settings for the scan:

    Jobname.............................: Complete system scan

    Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp

    Logging.............................: low

    Primary action......................: interactive

    Secondary action....................: ignore

    Scan master boot sector.............: on

    Scan boot sector....................: on

    Boot sectors........................: C:, D:, E:, F:,

    Process scan........................: on

    Scan registry.......................: on

    Search for rootkits.................: on

    Integrity checking of system files..: off

    Scan all files......................: All files

    Scan archives.......................: on

    Recursion depth.....................: 20

    Smart extensions....................: on

    Macro heuristic.....................: on

    File heuristic......................: medium

    Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

    Start of the scan: Sunday, September 20, 2009 17:19

    Starting search for hidden objects.

    '218233' objects were checked, '0' hidden objects were found.

    The scan of running processes will be started

    Scan process 'avscan.exe' - '1' Module(s) have been scanned

    Scan process 'avscan.exe' - '1' Module(s) have been scanned

    Scan process 'avcenter.exe' - '1' Module(s) have been scanned

    Scan process 'wlcomm.exe' - '1' Module(s) have been scanned

    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned

    Scan process 'iexplore.exe' - '1' Module(s) have been scanned

    Scan process 'avgnt.exe' - '1' Module(s) have been scanned

    Scan process 'sched.exe' - '1' Module(s) have been scanned

    Scan process 'avguard.exe' - '1' Module(s) have been scanned

    Scan process 'iexplore.exe' - '1' Module(s) have been scanned

    Scan process 'winssnotifye.exe' - '1' Module(s) have been scanned

    Scan process 'HijackThis.exe' - '1' Module(s) have been scanned

    Scan process 'iexplore.exe' - '1' Module(s) have been scanned

    Scan process 'FlashUtil10c.exe' - '1' Module(s) have been scanned

    Scan process 'GoogleToolbarUser_32.exe' - '1' Module(s) have been scanned

    Scan process 'iexplore.exe' - '1' Module(s) have been scanned

    Scan process 'iexplore.exe' - '1' Module(s) have been scanned

    Scan process 'taskmgr.exe' - '1' Module(s) have been scanned

    Scan process 'unsecapp.exe' - '1' Module(s) have been scanned

    Scan process 'ehmsas.exe' - '1' Module(s) have been scanned

    Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned

    Scan process 'winssnotify.exe' - '1' Module(s) have been scanned

    Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned

    Scan process 'ehtray.exe' - '1' Module(s) have been scanned

    Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned

    Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned

    Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned

    Scan process 'alg.exe' - '1' Module(s) have been scanned

    Scan process 'ehsched.exe' - '1' Module(s) have been scanned

    Scan process 'WLIDSVCM.EXE' - '1' Module(s) have been scanned

    Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned

    Scan process 'winss.exe' - '1' Module(s) have been scanned

    Scan process 'msfwsvc.exe' - '1' Module(s) have been scanned

    Scan process 'MotoConnect.exe' - '1' Module(s) have been scanned

    Scan process 'YahooAUService.exe' - '1' Module(s) have been scanned

    Scan process 'XAudio.exe' - '1' Module(s) have been scanned

    Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned

    Scan process 'WLIDSVC.EXE' - '1' Module(s) have been scanned

    Scan process 'svchost.exe' - '1' Module(s) have been scanned

    Scan process 'svchost.exe' - '1' Module(s) have been scanned

    Scan process 'sqlwriter.exe' - '1' Module(s) have been scanned

    Scan process 'sqlbrowser.exe' - '1' Module(s) have been scanned

    Scan process 'svchost.exe' - '1' Module(s) have been scanned

    Scan process 'pdisrvc.exe' - '1' Module(s) have been scanned

    Scan process 'OcHealthMon.exe' - '1' Module(s) have been scanned

    Scan process 'MotoConnectService.exe' - '1' Module(s) have been scanned

    Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned

    Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned

    Scan process 'PresentationFontCache.exe' - '1' Module(s) have been scanned

    Scan process 'DTSRVC.exe' - '1' Module(s) have been scanned

    Scan process 'DQLWinService.exe' - '1' Module(s) have been scanned

    Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned

    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned

    Scan process 'GoogleCrashHandler.exe' - '1' Module(s) have been scanned

    Scan process 'taskeng.exe' - '1' Module(s) have been scanned

    Scan process 'explorer.exe' - '1' Module(s) have been scanned

    Scan process 'dwm.exe' - '1' Module(s) have been scanned

    Scan process 'taskeng.exe' - '1' Module(s) have been scanned

    Scan process 'rundll32.exe' - '1' Module(s) have been scanned

    Scan process 'svchost.exe' - '1' Module(s) have been scanned

    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

    Scan process 'svchost.exe' - '1' Module(s) have been scanned

    Scan process 'svchost.exe' - '1' Module(s) have been scanned

    Scan process 'SLsvc.exe' - '1' Module(s) have been scanned

    Scan process 'svchost.exe' - '1' Module(s) have been scanned

    Scan process 'audiodg.exe' - '0' Module(s) have been scanned

    Scan process 'winlogon.exe' - '1' Module(s) have been scanned

    Scan process 'svchost.exe' - '1' Module(s) have been scanned

    Scan process 'svchost.exe' - '1' Module(s) have been scanned

    Scan process 'svchost.exe' - '1' Module(s) have been scanned

    Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned

    Scan process 'svchost.exe' - '1' Module(s) have been scanned

    Scan process 'nvvsvc.exe' - '1' Module(s) have been scanned

    Scan process 'svchost.exe' - '1' Module(s) have been scanned

    Scan process 'lsm.exe' - '1' Module(s) have been scanned

    Scan process 'lsass.exe' - '1' Module(s) have been scanned

    Scan process 'services.exe' - '1' Module(s) have been scanned

    Scan process 'csrss.exe' - '1' Module(s) have been scanned

    Scan process 'wininit.exe' - '1' Module(s) have been scanned

    Scan process 'csrss.exe' - '1' Module(s) have been scanned

    Scan process 'smss.exe' - '1' Module(s) have been scanned

    80 processes with 80 modules were scanned

    Starting master boot sector scan:

    Master boot sector HD0

    [INFO] No virus was found!

    Master boot sector HD1

    [INFO] No virus was found!

    Master boot sector HD2

    [INFO] No virus was found!

    [INFO] Please restart the search with Administrator rights

    Master boot sector HD3

    [INFO] No virus was found!

    [INFO] Please restart the search with Administrator rights

    Master boot sector HD4

    [INFO] No virus was found!

    [INFO] Please restart the search with Administrator rights

    Master boot sector HD5

    [INFO] No virus was found!

    [INFO] Please restart the search with Administrator rights

    Start scanning boot sectors:

    Boot sector 'C:\'

    [INFO] No virus was found!

    Boot sector 'D:\'

    [INFO] No virus was found!

    Boot sector 'E:\'

    [INFO] No virus was found!

    Boot sector 'F:\'

    [INFO] No virus was found!

    Starting to scan executable files (registry).

    The registry was scanned ( '40' files ).

    Starting the file scan:

    Begin scan in 'C:\' <Local Disk>

    C:\pagefile.sys

    [WARNING] The file could not be opened!

    [NOTE] This file is a Windows system file.

    [NOTE] This file cannot be opened for scanning.

    C:\hp\bin\KillIt.exe

    [DETECTION] Contains recognition pattern of the APPL/KillApp.A application

    C:\hp\HPQWare\BTBHost\SetACL.exe

    [DETECTION] Contains recognition pattern of the APPL/ACLSet application

    C:\Users\Mike & Shasty\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\4839f1b9-429f9147

    [0] Archive type: ZIP

    --> vlocal.class

    [DETECTION] Is the TR/Dldr.Java.OpenConnection.AT Trojan

    C:\Users\Mike & Shasty\Documents\c00042301[1].pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    C:\Users\Mike & Shasty\Documents\c00042301[1]_1.pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    C:\Users\Mike & Shasty\Documents\c00042301[1]_2.pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    C:\Users\Mike & Shasty\Documents\c00042301[1]_3.pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    C:\Users\Mike & Shasty\Documents\c00042301[1]_4.pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    C:\Users\Mike & Shasty\Documents\c00042301[1]_5.pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    C:\Users\Mike &

    Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO

    69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO.jp

    g

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike &

    Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO

    69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO_1.

    jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike &

    Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO

    69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO_2.

    jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike &

    Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO

    69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO_3.

    jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike &

    Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO

    69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO_4.

    jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike &

    Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO

    69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO_5.

    jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike &

    Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO

    69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO_6.

    jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike &

    Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO

    69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO_7.

    jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike &

    Shasty\Pictures\6CAWNL31LCAFES9A0CAOYLMTYCATGFF96CARYEOS3CA5E9FWZCAUAC07JCAZU9KFCCAZ

    GC7QVCATGUZF4CAU81XE2CAN1TK6DCAJHVL9UCAPQORV8CAGX5E2NCAPDC7V5CAGAUAP8CAT643YZ.jp

    g

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike &

    Shasty\Pictures\6CAWNL31LCAFES9A0CAOYLMTYCATGFF96CARYEOS3CA5E9FWZCAUAC07JCAZU9KFCCAZ

    GC7QVCATGUZF4CAU81XE2CAN1TK6DCAJHVL9UCAPQORV8CAGX5E2NCAPDC7V5CAGAUAP8CAT643YZ_1.

    jp

    g

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike &

    Shasty\Pictures\6CAWNL31LCAFES9A0CAOYLMTYCATGFF96CARYEOS3CA5E9FWZCAUAC07JCAZU9KFCCAZ

    GC7QVCATGUZF4CAU81XE2CAN1TK6DCAJHVL9UCAPQORV8CAGX5E2NCAPDC7V5CAGAUAP8CAT643YZ_2.

    jp

    g

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike &

    Shasty\Pictures\6CAWNL31LCAFES9A0CAOYLMTYCATGFF96CARYEOS3CA5E9FWZCAUAC07JCAZU9KFCCAZ

    GC7QVCATGUZF4CAU81XE2CAN1TK6DCAJHVL9UCAPQORV8CAGX5E2NCAPDC7V5CAGAUAP8CAT643YZ_3.

    jp

    g

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1].jpg

    [DETECTION] Is the TR/Dropper.Gen Trojan

    C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1]_1.jpg

    [DETECTION] Is the TR/Dropper.Gen Trojan

    C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1]_2.jpg

    [DETECTION] Is the TR/Dropper.Gen Trojan

    C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1]_3.jpg

    [DETECTION] Is the TR/Dropper.Gen Trojan

    C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1]_4.jpg

    [DETECTION] Is the TR/Dropper.Gen Trojan

    C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1]_5.jpg

    [DETECTION] Is the TR/Dropper.Gen Trojan

    C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1]_6.jpg

    [DETECTION] Is the TR/Dropper.Gen Trojan

    C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1]_7.jpg

    [DETECTION] Is the TR/Dropper.Gen Trojan

    C:\Users\Mike & Shasty\Pictures\dropshadow_1.png

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\dropshadow_10.png

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\dropshadow_4.png

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\dropshadow_7.png

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike &

    Shasty\Pictures\QCAD5MONVCABJQ143CAEO9UOUCAIRE8EECAHMB924CAT1PH8SCA80FXNMCAPCAMAZCA

    36CQDBCAWX4NB9CAK8QYXXCADPK42JCAT9R4JYCAMJ6DNICAJ5PV35CA8S1S7GCAAPR4ZSCAZ6XQBV.j

    pg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike &

    Shasty\Pictures\QCAD5MONVCABJQ143CAEO9UOUCAIRE8EECAHMB924CAT1PH8SCA80FXNMCAPCAMAZCA

    36CQDBCAWX4NB9CAK8QYXXCADPK42JCAT9R4JYCAMJ6DNICAJ5PV35CA8S1S7GCAAPR4ZSCAZ6XQBV_1

    .jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike &

    Shasty\Pictures\QCAD5MONVCABJQ143CAEO9UOUCAIRE8EECAHMB924CAT1PH8SCA80FXNMCAPCAMAZCA

    36CQDBCAWX4NB9CAK8QYXXCADPK42JCAT9R4JYCAMJ6DNICAJ5PV35CA8S1S7GCAAPR4ZSCAZ6XQBV_2

    .jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike &

    Shasty\Pictures\QCAD5MONVCABJQ143CAEO9UOUCAIRE8EECAHMB924CAT1PH8SCA80FXNMCAPCAMAZCA

    36CQDBCAWX4NB9CAK8QYXXCADPK42JCAT9R4JYCAMJ6DNICAJ5PV35CA8S1S7GCAAPR4ZSCAZ6XQBV_3

    .jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike &

    Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWC

    ARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D.

    j

    pg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike &

    Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWC

    ARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D_

    1.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike &

    Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWC

    ARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D_

    2.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike &

    Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWC

    ARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D_

    3.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike &

    Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWC

    ARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D_

    4.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike &

    Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWC

    ARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D_

    5.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike &

    Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWC

    ARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D_

    6.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike &

    Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWC

    ARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D_

    7.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\S_1_~1_13.PNG

    [DETECTION] Is the TR/Unpacked.Gen Trojan

    C:\Users\Mike & Shasty\Pictures\S_1_~1_5.PNG

    [DETECTION] Is the TR/Unpacked.Gen Trojan

    C:\Users\Mike & Shasty\Pictures\S_1_~1_9.PNG

    [DETECTION] Is the TR/Unpacked.Gen Trojan

    C:\Users\Mike & Shasty\Pictures\[004936].jpg

    [DETECTION] Contains HEUR/HTML.Malware suspicious code

    C:\Users\Mike & Shasty\Pictures\[004936]_1.jpg

    [DETECTION] Contains HEUR/HTML.Malware suspicious code

    C:\Users\Mike & Shasty\Pictures\[004936]_2.jpg

    [DETECTION] Contains HEUR/HTML.Malware suspicious code

    C:\Users\Mike & Shasty\Pictures\[004936]_3.jpg

    [DETECTION] Contains HEUR/HTML.Malware suspicious code

    C:\Users\Mike & Shasty\Pictures\[005783].jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\[005783]_1.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\[005783]_2.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\[005942].jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\[005942]_1.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\[007773].jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\[007773]_1.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\[007773]_2.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\[007773]_3.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\Recovered Images\[000263].jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\Recovered Images\[003289].jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\Recovered Images\[003289]_1.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\Recovered Images\[003289]_2.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\Recovered Images\[003289]_3.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    Begin scan in 'D:\' <Recovery>

    Begin scan in 'E:\'

    E:\Backup files\Documents\c00042301[1].pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    E:\Backup files\Documents\c00042301[1]_1.pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    E:\Backup files\Documents\c00042301[1]_2.pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    E:\Backup files\Documents\c00042301[1]_3.pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    E:\Backup files\Documents\c00042301[1]_4.pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    E:\Backup files\Documents\c00042301[1]_5.pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    Begin scan in 'F:\'

    Beginning disinfection:

    C:\hp\bin\KillIt.exe

    [DETECTION] Contains recognition pattern of the APPL/KillApp.A application

    [NOTE] The file was moved to '4b22d7cd.qua'!

    C:\hp\HPQWare\BTBHost\SetACL.exe

    [DETECTION] Contains recognition pattern of the APPL/ACLSet application

    [NOTE] The file was moved to '4b2ad7c9.qua'!

    C:\Users\Mike & Shasty\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\4839f1b9-429f9147

    [NOTE] The file was moved to '4ae9d79c.qua'!

    C:\Users\Mike & Shasty\Documents\c00042301[1].pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    [NOTE] The file was moved to '4ae6d794.qua'!

    C:\Users\Mike & Shasty\Documents\c00042301[1]_1.pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    [NOTE] The file was moved to '4c1649ed.qua'!

    C:\Users\Mike & Shasty\Documents\c00042301[1]_2.pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    [NOTE] The file was moved to '4c2a5fad.qua'!

    C:\Users\Mike & Shasty\Documents\c00042301[1]_3.pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    [NOTE] The file was moved to '4c0aa8cd.qua'!

    C:\Users\Mike & Shasty\Documents\c00042301[1]_4.pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    [NOTE] The file was moved to '4c14799d.qua'!

    C:\Users\Mike & Shasty\Documents\c00042301[1]_5.pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    [NOTE] The file was moved to '4c08597d.qua'!

    C:\Users\Mike &

    Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO

    69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO.jp

    g

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4af7d7a7.qua'!

    C:\Users\Mike &

    Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO

    69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO_1.

    jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4c0671e8.qua'!

    C:\Users\Mike &

    Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO

    69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO_2.

    jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4c394060.qua'!

    C:\Users\Mike &

    Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO

    69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO_3.

    jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4c184118.qua'!

    C:\Users\Mike &

    Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO

    69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO_4.

    jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4c9258f0.qua'!

    C:\Users\Mike &

    Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO

    69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO_5.

    jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4af7d7a8.qua'!

    C:\Users\Mike &

    Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO

    69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO_6.

    jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4ca45941.qua'!

    C:\Users\Mike &

    Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO

    69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO_7.

    jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4c914089.qua'!

    C:\Users\Mike &

    Shasty\Pictures\6CAWNL31LCAFES9A0CAOYLMTYCATGFF96CARYEOS3CA5E9FWZCAUAC07JCAZU9KFCCAZ

    GC7QVCATGUZF4CAU81XE2CAN1TK6DCAJHVL9UCAPQORV8CAGX5E2NCAPDC7V5CAGAUAP8CAT643YZ.jp

    g

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4c1dddb9.qua'!

    C:\Users\Mike &

    Shasty\Pictures\6CAWNL31LCAFES9A0CAOYLMTYCATGFF96CARYEOS3CA5E9FWZCAUAC07JCAZU9KFCCAZ

    GC7QVCATGUZF4CAU81XE2CAN1TK6DCAJHVL9UCAPQORV8CAGX5E2NCAPDC7V5CAGAUAP8CAT643YZ_1.

    jp

    g

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4c1cc671.qua'!

    C:\Users\Mike &

    Shasty\Pictures\6CAWNL31LCAFES9A0CAOYLMTYCATGFF96CARYEOS3CA5E9FWZCAUAC07JCAZU9KFCCAZ

    GC7QVCATGUZF4CAU81XE2CAN1TK6DCAJHVL9UCAPQORV8CAGX5E2NCAPDC7V5CAGAUAP8CAT643YZ_2.

    jp

    g

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '462c6851.qua'!

    C:\Users\Mike &

    Shasty\Pictures\6CAWNL31LCAFES9A0CAOYLMTYCATGFF96CARYEOS3CA5E9FWZCAUAC07JCAZU9KFCCAZ

    GC7QVCATGUZF4CAU81XE2CAN1TK6DCAJHVL9UCAPQORV8CAGX5E2NCAPDC7V5CAGAUAP8CAT643YZ_3.

    jp

    g

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '462b1069.qua'!

    C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1].jpg

    [DETECTION] Is the TR/Dropper.Gen Trojan

    [NOTE] The file was moved to '4ae7d7aa.qua'!

    C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1]_1.jpg

    [DETECTION] Is the TR/Dropper.Gen Trojan

    [NOTE] The file was moved to '4631a833.qua'!

    C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1]_2.jpg

    [DETECTION] Is the TR/Dropper.Gen Trojan

    [NOTE] The file was moved to '463050cb.qua'!

    C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1]_3.jpg

    [DETECTION] Is the TR/Dropper.Gen Trojan

    [NOTE] The file was moved to '463f5883.qua'!

    C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1]_4.jpg

    [DETECTION] Is the TR/Dropper.Gen Trojan

    [NOTE] The file was moved to '463e415b.qua'!

    C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1]_5.jpg

    [DETECTION] Is the TR/Dropper.Gen Trojan

    [NOTE] The file was moved to '4da0e8f3.qua'!

    C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1]_6.jpg

    [DETECTION] Is the TR/Dropper.Gen Trojan

    [NOTE] The file was moved to '4daf908b.qua'!

    C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1]_7.jpg

    [DETECTION] Is the TR/Dropper.Gen Trojan

    [NOTE] The file was moved to '4dae9943.qua'!

    C:\Users\Mike & Shasty\Pictures\dropshadow_1.png

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4b25d7d7.qua'!

    C:\Users\Mike & Shasty\Pictures\dropshadow_10.png

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4b25d7d8.qua'!

    C:\Users\Mike & Shasty\Pictures\dropshadow_4.png

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4d55eaa9.qua'!

    C:\Users\Mike & Shasty\Pictures\dropshadow_7.png

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4d5492e1.qua'!

    C:\Users\Mike &

    Shasty\Pictures\QCAD5MONVCABJQ143CAEO9UOUCAIRE8EECAHMB924CAT1PH8SCA80FXNMCAPCAMAZCA

    36CQDBCAWX4NB9CAK8QYXXCADPK42JCAT9R4JYCAMJ6DNICAJ5PV35CA8S1S7GCAAPR4ZSCAZ6XQBV.j

    pg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4af7d7a9.qua'!

    C:\Users\Mike &

    Shasty\Pictures\QCAD5MONVCABJQ143CAEO9UOUCAIRE8EECAHMB924CAT1PH8SCA80FXNMCAPCAMAZCA

    36CQDBCAWX4NB9CAK8QYXXCADPK42JCAT9R4JYCAMJ6DNICAJ5PV35CA8S1S7GCAAPR4ZSCAZ6XQBV_1

    .jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4c046b72.qua'!

    C:\Users\Mike &

    Shasty\Pictures\QCAD5MONVCABJQ143CAEO9UOUCAIRE8EECAHMB924CAT1PH8SCA80FXNMCAPCAMAZCA

    36CQDBCAWX4NB9CAK8QYXXCADPK42JCAT9R4JYCAMJ6DNICAJ5PV35CA8S1S7GCAAPR4ZSCAZ6XQBV_2

    .jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4c03130a.qua'!

    C:\Users\Mike &

    Shasty\Pictures\QCAD5MONVCABJQ143CAEO9UOUCAIRE8EECAHMB924CAT1PH8SCA80FXNMCAPCAMAZCA

    36CQDBCAWX4NB9CAK8QYXXCADPK42JCAT9R4JYCAMJ6DNICAJ5PV35CA8S1S7GCAAPR4ZSCAZ6XQBV_3

    .jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4c021bc2.qua'!

    C:\Users\Mike &

    Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWC

    ARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D.

    j

    pg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4c01039a.qua'!

    C:\Users\Mike &

    Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWC

    ARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D_

    1.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4c000c52.qua'!

    C:\Users\Mike &

    Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWC

    ARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D_

    2.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4c0f346a.qua'!

    C:\Users\Mike &

    Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWC

    ARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D_

    3.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4c0e3c22.qua'!

    C:\Users\Mike &

    Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWC

    ARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D_

    4.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4c0d24fa.qua'!

    C:\Users\Mike &

    Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWC

    ARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D_

    5.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4ca2428a.qua'!

    C:\Users\Mike &

    Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWC

    ARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D_

    6.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4ca14b42.qua'!

    C:\Users\Mike &

    Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWC

    ARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D_

    7.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4ca0731a.qua'!

    C:\Users\Mike & Shasty\Pictures\S_1_~1_13.PNG

    [DETECTION] Is the TR/Unpacked.Gen Trojan

    [NOTE] The file was moved to '4ae7d7c5.qua'!

    C:\Users\Mike & Shasty\Pictures\S_1_~1_5.PNG

    [DETECTION] Is the TR/Unpacked.Gen Trojan

    [NOTE] The file was moved to '4cbe6386.qua'!

    C:\Users\Mike & Shasty\Pictures\S_1_~1_9.PNG

    [DETECTION] Is the TR/Unpacked.Gen Trojan

    [NOTE] The file was moved to '4cbd6bce.qua'!

    C:\Users\Mike & Shasty\Pictures\[004936].jpg

    [DETECTION] Contains HEUR/HTML.Malware suspicious code

    [NOTE] The detection was classified as suspicious.

    [NOTE] The file was moved to '4ae6d796.qua'!

    C:\Users\Mike & Shasty\Pictures\[004936]_1.jpg

    [DETECTION] Contains HEUR/HTML.Malware suspicious code

    [NOTE] The detection was classified as suspicious.

    [NOTE] The file was moved to '4ae6d797.qua'!

    C:\Users\Mike & Shasty\Pictures\[004936]_2.jpg

    [DETECTION] Contains HEUR/HTML.Malware suspicious code

    [NOTE] The detection was classified as suspicious.

    [NOTE] The file was moved to '4dc8ee20.qua'!

    C:\Users\Mike & Shasty\Pictures\[004936]_3.jpg

    [DETECTION] Contains HEUR/HTML.Malware suspicious code

    [NOTE] The detection was classified as suspicious.

    [NOTE] The file was moved to '4c90bbb8.qua'!

    C:\Users\Mike & Shasty\Pictures\[005783].jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4c958350.qua'!

    C:\Users\Mike & Shasty\Pictures\[005783]_1.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4ae6d798.qua'!

    C:\Users\Mike & Shasty\Pictures\[005783]_2.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4cbb04f9.qua'!

    C:\Users\Mike & Shasty\Pictures\[005942].jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4cb80cb1.qua'!

    C:\Users\Mike & Shasty\Pictures\[005942]_1.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4cb93569.qua'!

    C:\Users\Mike & Shasty\Pictures\[007773].jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4ae6d799.qua'!

    C:\Users\Mike & Shasty\Pictures\[007773]_1.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4ede0afa.qua'!

    C:\Users\Mike & Shasty\Pictures\[007773]_2.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4c928b0a.qua'!

    C:\Users\Mike & Shasty\Pictures\[007773]_3.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4c87251a.qua'!

    C:\Users\Mike & Shasty\Pictures\Recovered Images\[000263].jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4ae6d79a.qua'!

    C:\Users\Mike & Shasty\Pictures\Recovered Images\[003289].jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4edd2323.qua'!

    C:\Users\Mike & Shasty\Pictures\Recovered Images\[003289]_1.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4eda2b1b.qua'!

    C:\Users\Mike & Shasty\Pictures\Recovered Images\[003289]_2.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4ed8d3d3.qua'!

    C:\Users\Mike & Shasty\Pictures\Recovered Images\[003289]_3.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4ed9db8b.qua'!

    E:\Backup files\Documents\c00042301[1].pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    [NOTE] The file was moved to '4c0b5213.qua'!

    E:\Backup files\Documents\c00042301[1]_1.pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    [NOTE] The file was moved to '4edf32b3.qua'!

    E:\Backup files\Documents\c00042301[1]_2.pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    [NOTE] The file was moved to '4c82d58b.qua'!

    E:\Backup files\Documents\c00042301[1]_3.pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    [NOTE] The file was moved to '4ea4f4f3.qua'!

    E:\Backup files\Documents\c00042301[1]_4.pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    [NOTE] The file was moved to '4c842dd3.qua'!

    E:\Backup files\Documents\c00042301[1]_5.pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    [NOTE] The file was moved to '4ea6c443.qua'!

    End of the scan: Sunday, September 20, 2009 20:31

    Used time: 3:06:10 Hour(s)

    The scan has been done completely.

    26313 Scanned directories

    955993 Files were scanned

    68 Viruses and/or unwanted programs were found

    4 Files were classified as suspicious

    0 files were deleted

    0 Viruses and unwanted programs were repaired

    72 Files were moved to quarantine

    0 Files were renamed

    1 Files cannot be scanned

    955920 Files not concerned

    6010 Archives were scanned

    1 Warnings

    73 Notes

    218233 Objects were scanned with rootkit scan

    0 Hidden objects were found

  4. Avira AntiVir Personal

    Report file date: Sunday, September 20, 2009 17:19

    Scanning for 1729942 virus strains and unwanted programs.

    Licensee : Avira AntiVir Personal - FREE Antivirus

    Serial number : 0000149996-ADJIE-0000001

    Platform : Windows Vista

    Windows version : (Service Pack 2) [6.0.6002]

    Boot mode : Normally booted

    Username : SYSTEM

    Computer name : MUSTANGGT500

    Version information:

    BUILD.DAT : 9.0.0.407 17961 Bytes 7/29/2009 10:34:00

    AVSCAN.EXE : 9.0.3.7 466689 Bytes 7/21/2009 19:36:14

    AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 16:58:24

    LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 17:35:49

    LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 16:58:52

    ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 18:30:36

    ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 6/24/2009 15:21:42

    ANTIVIR2.VDF : 7.1.6.1 3857920 Bytes 9/16/2009 21:12:02

    ANTIVIR3.VDF : 7.1.6.13 181248 Bytes 9/18/2009 21:12:11

    Engineversion : 8.2.1.19

    AEVDF.DLL : 8.1.1.2 106867 Bytes 9/20/2009 21:12:18

    AESCRIPT.DLL : 8.1.2.31 475513 Bytes 9/20/2009 21:12:18

    AESCN.DLL : 8.1.2.5 127346 Bytes 9/20/2009 21:12:17

    AERDL.DLL : 8.1.2.4 430452 Bytes 7/23/2009 15:59:39

    AEPACK.DLL : 8.2.0.0 422261 Bytes 9/20/2009 21:12:16

    AEOFFICE.DLL : 8.1.0.38 196987 Bytes 7/23/2009 15:59:39

    AEHEUR.DLL : 8.1.0.155 1921400 Bytes 9/20/2009 21:12:15

    AEHELP.DLL : 8.1.7.0 237940 Bytes 9/20/2009 21:12:13

    AEGEN.DLL : 8.1.1.63 364916 Bytes 9/20/2009 21:12:13

    AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 20:32:40

    AECORE.DLL : 8.1.8.1 184693 Bytes 9/20/2009 21:12:12

    AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 20:32:40

    AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 14:47:59

    AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 16:32:15

    AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 20:34:28

    AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 16:32:09

    AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 21:05:41

    AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 16:37:08

    SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 21:03:49

    SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 14:21:33

    NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 16:32:10

    RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 21:39:58

    RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 16:19:48

    Configuration settings for the scan:

    Jobname.............................: Complete system scan

    Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp

    Logging.............................: low

    Primary action......................: interactive

    Secondary action....................: ignore

    Scan master boot sector.............: on

    Scan boot sector....................: on

    Boot sectors........................: C:, D:, E:, F:,

    Process scan........................: on

    Scan registry.......................: on

    Search for rootkits.................: on

    Integrity checking of system files..: off

    Scan all files......................: All files

    Scan archives.......................: on

    Recursion depth.....................: 20

    Smart extensions....................: on

    Macro heuristic.....................: on

    File heuristic......................: medium

    Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

    Start of the scan: Sunday, September 20, 2009 17:19

    Starting search for hidden objects.

    '218233' objects were checked, '0' hidden objects were found.

    The scan of running processes will be started

    Scan process 'avscan.exe' - '1' Module(s) have been scanned

    Scan process 'avscan.exe' - '1' Module(s) have been scanned

    Scan process 'avcenter.exe' - '1' Module(s) have been scanned

    Scan process 'wlcomm.exe' - '1' Module(s) have been scanned

    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned

    Scan process 'iexplore.exe' - '1' Module(s) have been scanned

    Scan process 'avgnt.exe' - '1' Module(s) have been scanned

    Scan process 'sched.exe' - '1' Module(s) have been scanned

    Scan process 'avguard.exe' - '1' Module(s) have been scanned

    Scan process 'iexplore.exe' - '1' Module(s) have been scanned

    Scan process 'winssnotifye.exe' - '1' Module(s) have been scanned

    Scan process 'HijackThis.exe' - '1' Module(s) have been scanned

    Scan process 'iexplore.exe' - '1' Module(s) have been scanned

    Scan process 'FlashUtil10c.exe' - '1' Module(s) have been scanned

    Scan process 'GoogleToolbarUser_32.exe' - '1' Module(s) have been scanned

    Scan process 'iexplore.exe' - '1' Module(s) have been scanned

    Scan process 'iexplore.exe' - '1' Module(s) have been scanned

    Scan process 'taskmgr.exe' - '1' Module(s) have been scanned

    Scan process 'unsecapp.exe' - '1' Module(s) have been scanned

    Scan process 'ehmsas.exe' - '1' Module(s) have been scanned

    Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned

    Scan process 'winssnotify.exe' - '1' Module(s) have been scanned

    Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned

    Scan process 'ehtray.exe' - '1' Module(s) have been scanned

    Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned

    Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned

    Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned

    Scan process 'alg.exe' - '1' Module(s) have been scanned

    Scan process 'ehsched.exe' - '1' Module(s) have been scanned

    Scan process 'WLIDSVCM.EXE' - '1' Module(s) have been scanned

    Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned

    Scan process 'winss.exe' - '1' Module(s) have been scanned

    Scan process 'msfwsvc.exe' - '1' Module(s) have been scanned

    Scan process 'MotoConnect.exe' - '1' Module(s) have been scanned

    Scan process 'YahooAUService.exe' - '1' Module(s) have been scanned

    Scan process 'XAudio.exe' - '1' Module(s) have been scanned

    Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned

    Scan process 'WLIDSVC.EXE' - '1' Module(s) have been scanned

    Scan process 'svchost.exe' - '1' Module(s) have been scanned

    Scan process 'svchost.exe' - '1' Module(s) have been scanned

    Scan process 'sqlwriter.exe' - '1' Module(s) have been scanned

    Scan process 'sqlbrowser.exe' - '1' Module(s) have been scanned

    Scan process 'svchost.exe' - '1' Module(s) have been scanned

    Scan process 'pdisrvc.exe' - '1' Module(s) have been scanned

    Scan process 'OcHealthMon.exe' - '1' Module(s) have been scanned

    Scan process 'MotoConnectService.exe' - '1' Module(s) have been scanned

    Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned

    Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned

    Scan process 'PresentationFontCache.exe' - '1' Module(s) have been scanned

    Scan process 'DTSRVC.exe' - '1' Module(s) have been scanned

    Scan process 'DQLWinService.exe' - '1' Module(s) have been scanned

    Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned

    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned

    Scan process 'GoogleCrashHandler.exe' - '1' Module(s) have been scanned

    Scan process 'taskeng.exe' - '1' Module(s) have been scanned

    Scan process 'explorer.exe' - '1' Module(s) have been scanned

    Scan process 'dwm.exe' - '1' Module(s) have been scanned

    Scan process 'taskeng.exe' - '1' Module(s) have been scanned

    Scan process 'rundll32.exe' - '1' Module(s) have been scanned

    Scan process 'svchost.exe' - '1' Module(s) have been scanned

    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

    Scan process 'svchost.exe' - '1' Module(s) have been scanned

    Scan process 'svchost.exe' - '1' Module(s) have been scanned

    Scan process 'SLsvc.exe' - '1' Module(s) have been scanned

    Scan process 'svchost.exe' - '1' Module(s) have been scanned

    Scan process 'audiodg.exe' - '0' Module(s) have been scanned

    Scan process 'winlogon.exe' - '1' Module(s) have been scanned

    Scan process 'svchost.exe' - '1' Module(s) have been scanned

    Scan process 'svchost.exe' - '1' Module(s) have been scanned

    Scan process 'svchost.exe' - '1' Module(s) have been scanned

    Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned

    Scan process 'svchost.exe' - '1' Module(s) have been scanned

    Scan process 'nvvsvc.exe' - '1' Module(s) have been scanned

    Scan process 'svchost.exe' - '1' Module(s) have been scanned

    Scan process 'lsm.exe' - '1' Module(s) have been scanned

    Scan process 'lsass.exe' - '1' Module(s) have been scanned

    Scan process 'services.exe' - '1' Module(s) have been scanned

    Scan process 'csrss.exe' - '1' Module(s) have been scanned

    Scan process 'wininit.exe' - '1' Module(s) have been scanned

    Scan process 'csrss.exe' - '1' Module(s) have been scanned

    Scan process 'smss.exe' - '1' Module(s) have been scanned

    80 processes with 80 modules were scanned

    Starting master boot sector scan:

    Master boot sector HD0

    [INFO] No virus was found!

    Master boot sector HD1

    [INFO] No virus was found!

    Master boot sector HD2

    [INFO] No virus was found!

    [INFO] Please restart the search with Administrator rights

    Master boot sector HD3

    [INFO] No virus was found!

    [INFO] Please restart the search with Administrator rights

    Master boot sector HD4

    [INFO] No virus was found!

    [INFO] Please restart the search with Administrator rights

    Master boot sector HD5

    [INFO] No virus was found!

    [INFO] Please restart the search with Administrator rights

    Start scanning boot sectors:

    Boot sector 'C:\'

    [INFO] No virus was found!

    Boot sector 'D:\'

    [INFO] No virus was found!

    Boot sector 'E:\'

    [INFO] No virus was found!

    Boot sector 'F:\'

    [INFO] No virus was found!

    Starting to scan executable files (registry).

    The registry was scanned ( '40' files ).

    Starting the file scan:

    Begin scan in 'C:\' <Local Disk>

    C:\pagefile.sys

    [WARNING] The file could not be opened!

    [NOTE] This file is a Windows system file.

    [NOTE] This file cannot be opened for scanning.

    C:\hp\bin\KillIt.exe

    [DETECTION] Contains recognition pattern of the APPL/KillApp.A application

    C:\hp\HPQWare\BTBHost\SetACL.exe

    [DETECTION] Contains recognition pattern of the APPL/ACLSet application

    C:\Users\Mike & Shasty\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\4839f1b9-429f9147

    [0] Archive type: ZIP

    --> vlocal.class

    [DETECTION] Is the TR/Dldr.Java.OpenConnection.AT Trojan

    C:\Users\Mike & Shasty\Documents\c00042301[1].pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    C:\Users\Mike & Shasty\Documents\c00042301[1]_1.pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    C:\Users\Mike & Shasty\Documents\c00042301[1]_2.pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    C:\Users\Mike & Shasty\Documents\c00042301[1]_3.pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    C:\Users\Mike & Shasty\Documents\c00042301[1]_4.pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    C:\Users\Mike & Shasty\Documents\c00042301[1]_5.pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    C:\Users\Mike & Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO_1.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO_2.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO_3.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO_4.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO_5.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO_6.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO_7.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\6CAWNL31LCAFES9A0CAOYLMTYCATGFF96CARYEOS3CA5E9FWZCAUAC07JCAZU9KFCCAZGC7QVCATGUZF4CAU81XE2CAN1TK6DCAJHVL9UCAPQORV8CAGX5E2NCAPDC7V5CAGAUAP8CAT643YZ.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\6CAWNL31LCAFES9A0CAOYLMTYCATGFF96CARYEOS3CA5E9FWZCAUAC07JCAZU9KFCCAZGC7QVCATGUZF4CAU81XE2CAN1TK6DCAJHVL9UCAPQORV8CAGX5E2NCAPDC7V5CAGAUAP8CAT643YZ_1.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\6CAWNL31LCAFES9A0CAOYLMTYCATGFF96CARYEOS3CA5E9FWZCAUAC07JCAZU9KFCCAZGC7QVCATGUZF4CAU81XE2CAN1TK6DCAJHVL9UCAPQORV8CAGX5E2NCAPDC7V5CAGAUAP8CAT643YZ_2.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\6CAWNL31LCAFES9A0CAOYLMTYCATGFF96CARYEOS3CA5E9FWZCAUAC07JCAZU9KFCCAZGC7QVCATGUZF4CAU81XE2CAN1TK6DCAJHVL9UCAPQORV8CAGX5E2NCAPDC7V5CAGAUAP8CAT643YZ_3.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1].jpg

    [DETECTION] Is the TR/Dropper.Gen Trojan

    C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1]_1.jpg

    [DETECTION] Is the TR/Dropper.Gen Trojan

    C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1]_2.jpg

    [DETECTION] Is the TR/Dropper.Gen Trojan

    C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1]_3.jpg

    [DETECTION] Is the TR/Dropper.Gen Trojan

    C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1]_4.jpg

    [DETECTION] Is the TR/Dropper.Gen Trojan

    C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1]_5.jpg

    [DETECTION] Is the TR/Dropper.Gen Trojan

    C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1]_6.jpg

    [DETECTION] Is the TR/Dropper.Gen Trojan

    C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1]_7.jpg

    [DETECTION] Is the TR/Dropper.Gen Trojan

    C:\Users\Mike & Shasty\Pictures\dropshadow_1.png

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\dropshadow_10.png

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\dropshadow_4.png

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\dropshadow_7.png

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\QCAD5MONVCABJQ143CAEO9UOUCAIRE8EECAHMB924CAT1PH8SCA80FXNMCAPCAMAZCA36CQDBCAWX4NB9CAK8QYXXCADPK42JCAT9R4JYCAMJ6DNICAJ5PV35CA8S1S7GCAAPR4ZSCAZ6XQBV.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\QCAD5MONVCABJQ143CAEO9UOUCAIRE8EECAHMB924CAT1PH8SCA80FXNMCAPCAMAZCA36CQDBCAWX4NB9CAK8QYXXCADPK42JCAT9R4JYCAMJ6DNICAJ5PV35CA8S1S7GCAAPR4ZSCAZ6XQBV_1.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\QCAD5MONVCABJQ143CAEO9UOUCAIRE8EECAHMB924CAT1PH8SCA80FXNMCAPCAMAZCA36CQDBCAWX4NB9CAK8QYXXCADPK42JCAT9R4JYCAMJ6DNICAJ5PV35CA8S1S7GCAAPR4ZSCAZ6XQBV_2.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\QCAD5MONVCABJQ143CAEO9UOUCAIRE8EECAHMB924CAT1PH8SCA80FXNMCAPCAMAZCA36CQDBCAWX4NB9CAK8QYXXCADPK42JCAT9R4JYCAMJ6DNICAJ5PV35CA8S1S7GCAAPR4ZSCAZ6XQBV_3.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWCARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWCARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D_1.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWCARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D_2.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWCARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D_3.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWCARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D_4.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWCARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D_5.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWCARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D_6.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWCARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D_7.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\S_1_~1_13.PNG

    [DETECTION] Is the TR/Unpacked.Gen Trojan

    C:\Users\Mike & Shasty\Pictures\S_1_~1_5.PNG

    [DETECTION] Is the TR/Unpacked.Gen Trojan

    C:\Users\Mike & Shasty\Pictures\S_1_~1_9.PNG

    [DETECTION] Is the TR/Unpacked.Gen Trojan

    C:\Users\Mike & Shasty\Pictures\[004936].jpg

    [DETECTION] Contains HEUR/HTML.Malware suspicious code

    C:\Users\Mike & Shasty\Pictures\[004936]_1.jpg

    [DETECTION] Contains HEUR/HTML.Malware suspicious code

    C:\Users\Mike & Shasty\Pictures\[004936]_2.jpg

    [DETECTION] Contains HEUR/HTML.Malware suspicious code

    C:\Users\Mike & Shasty\Pictures\[004936]_3.jpg

    [DETECTION] Contains HEUR/HTML.Malware suspicious code

    C:\Users\Mike & Shasty\Pictures\[005783].jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\[005783]_1.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\[005783]_2.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\[005942].jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\[005942]_1.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\[007773].jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\[007773]_1.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\[007773]_2.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\[007773]_3.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\Recovered Images\[000263].jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\Recovered Images\[003289].jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\Recovered Images\[003289]_1.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\Recovered Images\[003289]_2.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    C:\Users\Mike & Shasty\Pictures\Recovered Images\[003289]_3.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    Begin scan in 'D:\' <Recovery>

    Begin scan in 'E:\'

    E:\Backup files\Documents\c00042301[1].pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    E:\Backup files\Documents\c00042301[1]_1.pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    E:\Backup files\Documents\c00042301[1]_2.pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    E:\Backup files\Documents\c00042301[1]_3.pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    E:\Backup files\Documents\c00042301[1]_4.pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    E:\Backup files\Documents\c00042301[1]_5.pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    Begin scan in 'F:\'

    Beginning disinfection:

    C:\hp\bin\KillIt.exe

    [DETECTION] Contains recognition pattern of the APPL/KillApp.A application

    [NOTE] The file was moved to '4b22d7cd.qua'!

    C:\hp\HPQWare\BTBHost\SetACL.exe

    [DETECTION] Contains recognition pattern of the APPL/ACLSet application

    [NOTE] The file was moved to '4b2ad7c9.qua'!

    C:\Users\Mike & Shasty\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\4839f1b9-429f9147

    [NOTE] The file was moved to '4ae9d79c.qua'!

    C:\Users\Mike & Shasty\Documents\c00042301[1].pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    [NOTE] The file was moved to '4ae6d794.qua'!

    C:\Users\Mike & Shasty\Documents\c00042301[1]_1.pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    [NOTE] The file was moved to '4c1649ed.qua'!

    C:\Users\Mike & Shasty\Documents\c00042301[1]_2.pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    [NOTE] The file was moved to '4c2a5fad.qua'!

    C:\Users\Mike & Shasty\Documents\c00042301[1]_3.pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    [NOTE] The file was moved to '4c0aa8cd.qua'!

    C:\Users\Mike & Shasty\Documents\c00042301[1]_4.pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    [NOTE] The file was moved to '4c14799d.qua'!

    C:\Users\Mike & Shasty\Documents\c00042301[1]_5.pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    [NOTE] The file was moved to '4c08597d.qua'!

    C:\Users\Mike & Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4af7d7a7.qua'!

    C:\Users\Mike & Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO_1.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4c0671e8.qua'!

    C:\Users\Mike & Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO_2.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4c394060.qua'!

    C:\Users\Mike & Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO_3.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4c184118.qua'!

    C:\Users\Mike & Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO_4.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4c9258f0.qua'!

    C:\Users\Mike & Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO_5.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4af7d7a8.qua'!

    C:\Users\Mike & Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO_6.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4ca45941.qua'!

    C:\Users\Mike & Shasty\Pictures\4CA3UAIX1CAW3AIUDCAJ7LUX1CAB4M1RRCAJZ4NYKCAGKX9RPCAAPM3FMCA07U9RUCAO69ZGBCAOFICFACAL8JTOGCA56GUAGCAIIQ97JCAFJSKMXCA52V38TCAEBXJEMCA1HLG8XCA3T98IO_7.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4c914089.qua'!

    C:\Users\Mike & Shasty\Pictures\6CAWNL31LCAFES9A0CAOYLMTYCATGFF96CARYEOS3CA5E9FWZCAUAC07JCAZU9KFCCAZGC7QVCATGUZF4CAU81XE2CAN1TK6DCAJHVL9UCAPQORV8CAGX5E2NCAPDC7V5CAGAUAP8CAT643YZ.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4c1dddb9.qua'!

    C:\Users\Mike & Shasty\Pictures\6CAWNL31LCAFES9A0CAOYLMTYCATGFF96CARYEOS3CA5E9FWZCAUAC07JCAZU9KFCCAZGC7QVCATGUZF4CAU81XE2CAN1TK6DCAJHVL9UCAPQORV8CAGX5E2NCAPDC7V5CAGAUAP8CAT643YZ_1.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4c1cc671.qua'!

    C:\Users\Mike & Shasty\Pictures\6CAWNL31LCAFES9A0CAOYLMTYCATGFF96CARYEOS3CA5E9FWZCAUAC07JCAZU9KFCCAZGC7QVCATGUZF4CAU81XE2CAN1TK6DCAJHVL9UCAPQORV8CAGX5E2NCAPDC7V5CAGAUAP8CAT643YZ_2.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '462c6851.qua'!

    C:\Users\Mike & Shasty\Pictures\6CAWNL31LCAFES9A0CAOYLMTYCATGFF96CARYEOS3CA5E9FWZCAUAC07JCAZU9KFCCAZGC7QVCATGUZF4CAU81XE2CAN1TK6DCAJHVL9UCAPQORV8CAGX5E2NCAPDC7V5CAGAUAP8CAT643YZ_3.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '462b1069.qua'!

    C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1].jpg

    [DETECTION] Is the TR/Dropper.Gen Trojan

    [NOTE] The file was moved to '4ae7d7aa.qua'!

    C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1]_1.jpg

    [DETECTION] Is the TR/Dropper.Gen Trojan

    [NOTE] The file was moved to '4631a833.qua'!

    C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1]_2.jpg

    [DETECTION] Is the TR/Dropper.Gen Trojan

    [NOTE] The file was moved to '463050cb.qua'!

    C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1]_3.jpg

    [DETECTION] Is the TR/Dropper.Gen Trojan

    [NOTE] The file was moved to '463f5883.qua'!

    C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1]_4.jpg

    [DETECTION] Is the TR/Dropper.Gen Trojan

    [NOTE] The file was moved to '463e415b.qua'!

    C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1]_5.jpg

    [DETECTION] Is the TR/Dropper.Gen Trojan

    [NOTE] The file was moved to '4da0e8f3.qua'!

    C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1]_6.jpg

    [DETECTION] Is the TR/Dropper.Gen Trojan

    [NOTE] The file was moved to '4daf908b.qua'!

    C:\Users\Mike & Shasty\Pictures\7E15BBE59FB3777B2FFCDD4918915[1]_7.jpg

    [DETECTION] Is the TR/Dropper.Gen Trojan

    [NOTE] The file was moved to '4dae9943.qua'!

    C:\Users\Mike & Shasty\Pictures\dropshadow_1.png

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4b25d7d7.qua'!

    C:\Users\Mike & Shasty\Pictures\dropshadow_10.png

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4b25d7d8.qua'!

    C:\Users\Mike & Shasty\Pictures\dropshadow_4.png

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4d55eaa9.qua'!

    C:\Users\Mike & Shasty\Pictures\dropshadow_7.png

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4d5492e1.qua'!

    C:\Users\Mike &

    Shasty\Pictures\QCAD5MONVCABJQ143CAEO9UOUCAIRE8EECAHMB924CAT1PH8SCA80FXNMCAPCAMAZCA

    36CQDBCAWX4NB9CAK8QYXXCADPK42JCAT9R4JYCAMJ6DNICAJ5PV35CA8S1S7GCAAPR4ZSCAZ6XQBV.j

    pg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4af7d7a9.qua'!

    C:\Users\Mike &

    Shasty\Pictures\QCAD5MONVCABJQ143CAEO9UOUCAIRE8EECAHMB924CAT1PH8SCA80FXNMCAPCAMAZCA

    36CQDBCAWX4NB9CAK8QYXXCADPK42JCAT9R4JYCAMJ6DNICAJ5PV35CA8S1S7GCAAPR4ZSCAZ6XQBV_1

    .jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4c046b72.qua'!

    C:\Users\Mike & Shasty\Pictures\QCAD5MONVCABJQ143CAEO9UOUCAIRE8EECAHMB924CAT1PH8SCA80FXNMCAPCAMAZCA36CQDBCAWX4NB9CAK8QYXXCADPK42JCAT9R4JYCAMJ6DNICAJ5PV35CA8S1S7GCAAPR4ZSCAZ6XQBV_2.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4c03130a.qua'!

    C:\Users\Mike & Shasty\Pictures\QCAD5MONVCABJQ143CAEO9UOUCAIRE8EECAHMB924CAT1PH8SCA80FXNMCAPCAMAZCA36CQDBCAWX4NB9CAK8QYXXCADPK42JCAT9R4JYCAMJ6DNICAJ5PV35CA8S1S7GCAAPR4ZSCAZ6XQBV_3.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4c021bc2.qua'!

    C:\Users\Mike & Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWCARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4c01039a.qua'!

    C:\Users\Mike & Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWCARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D_1.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4c000c52.qua'!

    C:\Users\Mike & Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWCARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D_2.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4c0f346a.qua'!

    C:\Users\Mike & Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWCARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D_3.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4c0e3c22.qua'!

    C:\Users\Mike & Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWCARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D_4.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4c0d24fa.qua'!

    C:\Users\Mike & Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWCARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D_5.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4ca2428a.qua'!

    C:\Users\Mike & Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWCARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D_6.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4ca14b42.qua'!

    C:\Users\Mike & Shasty\Pictures\RCA429V0NCAWI2884CAMUCW4ZCAFKQ16XCAU6EKALCA7KEATQCAWSC4QDCAH1ZLVWCARR3FF0CASVOURCCAB0VUVOCAYF9OEXCAT8DHE9CATDPF88CAUMV7D3CACMQMSICA0RO5HUCATCSJ4D_7.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4ca0731a.qua'!

    C:\Users\Mike & Shasty\Pictures\S_1_~1_13.PNG

    [DETECTION] Is the TR/Unpacked.Gen Trojan

    [NOTE] The file was moved to '4ae7d7c5.qua'!

    C:\Users\Mike & Shasty\Pictures\S_1_~1_5.PNG

    [DETECTION] Is the TR/Unpacked.Gen Trojan

    [NOTE] The file was moved to '4cbe6386.qua'!

    C:\Users\Mike & Shasty\Pictures\S_1_~1_9.PNG

    [DETECTION] Is the TR/Unpacked.Gen Trojan

    [NOTE] The file was moved to '4cbd6bce.qua'!

    C:\Users\Mike & Shasty\Pictures\[004936].jpg

    [DETECTION] Contains HEUR/HTML.Malware suspicious code

    [NOTE] The detection was classified as suspicious.

    [NOTE] The file was moved to '4ae6d796.qua'!

    C:\Users\Mike & Shasty\Pictures\[004936]_1.jpg

    [DETECTION] Contains HEUR/HTML.Malware suspicious code

    [NOTE] The detection was classified as suspicious.

    [NOTE] The file was moved to '4ae6d797.qua'!

    C:\Users\Mike & Shasty\Pictures\[004936]_2.jpg

    [DETECTION] Contains HEUR/HTML.Malware suspicious code

    [NOTE] The detection was classified as suspicious.

    [NOTE] The file was moved to '4dc8ee20.qua'!

    C:\Users\Mike & Shasty\Pictures\[004936]_3.jpg

    [DETECTION] Contains HEUR/HTML.Malware suspicious code

    [NOTE] The detection was classified as suspicious.

    [NOTE] The file was moved to '4c90bbb8.qua'!

    C:\Users\Mike & Shasty\Pictures\[005783].jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4c958350.qua'!

    C:\Users\Mike & Shasty\Pictures\[005783]_1.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4ae6d798.qua'!

    C:\Users\Mike & Shasty\Pictures\[005783]_2.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4cbb04f9.qua'!

    C:\Users\Mike & Shasty\Pictures\[005942].jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4cb80cb1.qua'!

    C:\Users\Mike & Shasty\Pictures\[005942]_1.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4cb93569.qua'!

    C:\Users\Mike & Shasty\Pictures\[007773].jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4ae6d799.qua'!

    C:\Users\Mike & Shasty\Pictures\[007773]_1.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4ede0afa.qua'!

    C:\Users\Mike & Shasty\Pictures\[007773]_2.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4c928b0a.qua'!

    C:\Users\Mike & Shasty\Pictures\[007773]_3.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4c87251a.qua'!

    C:\Users\Mike & Shasty\Pictures\Recovered Images\[000263].jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4ae6d79a.qua'!

    C:\Users\Mike & Shasty\Pictures\Recovered Images\[003289].jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4edd2323.qua'!

    C:\Users\Mike & Shasty\Pictures\Recovered Images\[003289]_1.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4eda2b1b.qua'!

    C:\Users\Mike & Shasty\Pictures\Recovered Images\[003289]_2.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4ed8d3d3.qua'!

    C:\Users\Mike & Shasty\Pictures\Recovered Images\[003289]_3.jpg

    [DETECTION] Contains recognition pattern of the DR/FakePic.Gen dropper

    [NOTE] The file was moved to '4ed9db8b.qua'!

    E:\Backup files\Documents\c00042301[1].pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    [NOTE] The file was moved to '4c0b5213.qua'!

    E:\Backup files\Documents\c00042301[1]_1.pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    [NOTE] The file was moved to '4edf32b3.qua'!

    E:\Backup files\Documents\c00042301[1]_2.pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    [NOTE] The file was moved to '4c82d58b.qua'!

    E:\Backup files\Documents\c00042301[1]_3.pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    [NOTE] The file was moved to '4ea4f4f3.qua'!

    E:\Backup files\Documents\c00042301[1]_4.pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    [NOTE] The file was moved to '4c842dd3.qua'!

    E:\Backup files\Documents\c00042301[1]_5.pdf

    [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus

    [NOTE] The file was moved to '4ea6c443.qua'!

    End of the scan: Sunday, September 20, 2009 20:31

    Used time: 3:06:10 Hour(s)

    The scan has been done completely.

    26313 Scanned directories

    955993 Files were scanned

    68 Viruses and/or unwanted programs were found

    4 Files were classified as suspicious

    0 files were deleted

    0 Viruses and unwanted programs were repaired

    72 Files were moved to quarantine

    0 Files were renamed

    1 Files cannot be scanned

    955920 Files not concerned

    6010 Archives were scanned

    1 Warnings

    73 Notes

    218233 Objects were scanned with rootkit scan

    0 Hidden objects were found

  5. Malwarebytes' Anti-Malware 1.41

    Database version: 2833

    Windows 6.0.6002 Service Pack 2

    9/20/2009 6:38:40 PM

    mbam-log-2009-09-20 (18-38-22).txt

    Scan type: Quick Scan

    Objects scanned: 97266

    Time elapsed: 15 minute(s), 43 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 6

    Files Infected: 3

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    C:\Program Files\Live_TV (Trojan.Agent) -> No action taken.

    C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV (Trojan.Agent) -> No action taken.

    C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV\CacheIcons (Trojan.Agent) -> No action taken.

    C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV\CacheIcons (Trojan.Agent) -> Files: 522 -> No action taken.

    C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV\RadioPlayer (Trojan.Agent) -> No action taken.

    C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV\rss (Trojan.Agent) -> No action taken.

    Files Infected:

    C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV\rss\5851180&sappl=1&sacqyop=ge&saslc=0&floc=1&sabfmts=2&saprclo=150&sascs=2&saprchi=550&saaff=afepn&ftrv=8&fbfmt=1&ftrt=1&fcl=3&ft=1&frpp=50&customid=&nojspr=y&satitle=new&afmp=&sacat=293&saslop=1&fss=0.xml (Trojan.Agent) -> No action taken.

    C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV\rss\http___video_google_com_videofeed_type=top100new&num=20&output=rss.xml (Trojan.Agent) -> No action taken.

    C:\Users\Mike & Shasty\Local Settings\Application Data\Live_TV\rss\http___www_youtube_com_rss_global_top_viewed_today_rss.xml (Trojan.Agent) -> No action taken.

  6. Where is the File Location and What is the File Name for the Quarantined Files in Malware Antimalware on my CPU

    I need to access that folder manually, and neither the file name nor its location is listed anywhere... BTW, I am not talking about the log files, but the QUARANTINED file and folder(s) location as well as its file and folder(s) name.

    If anyone can help, please provide the information requested... thanks a lot...

  7. It will save a current log, and when I review the other logs it basically says there are no infections, but when the scan went I have 73 Trojans, but not even Superantivirus spyware picks that up, and I noticed a tray icon that resembles other programs that comes on and disappears when I go to click on it... I know I am infected, but am getting pissed about this, since I always keep up on this, but somehow someone got around my defenses

  8. Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 4:07:10 PM, on 9/20/2009

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v8.00 (8.00.6001.18813)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\taskeng.exe

    C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Windows\ehome\ehtray.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe

    C:\Windows\ehome\ehmsas.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Windows\system32\taskmgr.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

    C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O1 - Hosts: ::1 localhost

    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

    O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll

    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll

    O2 - BHO: TBSB03621 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\CommentsBar\tbcore3.dll

    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

    O3 - Toolbar: CommentsBar - {5A0035AB-8F83-4D03-BE4E-C8267A3A4A1A} - C:\Program Files\CommentsBar\tbcore3.dll

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll

    O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe -HPW

    O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"

    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKCU\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

    O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm

    O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm

    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll

    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll

    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll

    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll

    O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll

    O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

    O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll

    O13 - Gopher Prefix:

    O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab

    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab

    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab

    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

    O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

    O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe

    O23 - Service: Google Update Service (gupdate1c9965fc0d2f60) (gupdate1c9965fc0d2f60) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

    O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: Intel® Viiv Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe

    O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

    O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe

    O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --

    End of file - 11430 bytes

  9. I have the free version and have been using it for a couple of years.... It has always worked great, but recently I have a major problem....

    When I perform a scan (complete or quick), upon completion it asks me to clean or remove the items selected... So when I click on it, all of a sudden it starts its process and then goes into "the program has encountered a problem and must shut down", never allowing me to remove the items found....

    I have tried uninstalling the program, including removing it from the regedit (registry keys) so that there were no hidden files left, and reinstalled it.... However, the problem still exists after reinstalling the program.....

    I also tried to install it on another PC to see whether or not it was the software, but it worked fine.....

    So I need some help on this one, has anyone heard of this problem before with this program?

    REPLIED YARDBIRD

    yardbird


    Welcome to Malwarebytes! If it runs on 1 PC and not the other, I would guess you may have an infection. You had no error messages? If none, please proceed as instructed below:

    Follow these instructions & post it in the HiJackLog Forum please

    Scan and post logs - read note at bottom in green

    If you're having Malware related issues with your computer that you're unable to resolve:

    1. Please read and follow the instructions provided here: I'm infected - What do I do now?

    2. If needed please post your logs in a NEW topic here: Malware Removal - HijackThis Logs

    3. When posting logs please do not use any Quote, Code, or other tags. Please copy/paste directly into your post and do not attach files unless requested.

  10. I have the free version and have been using it for a couple of years.... It has always worked great, but recently I have a major problem....

    When I perform a scan (complete or quick), upon completion it asks me to clean or remove the items selected... So when I click on it, all of a sudden it starts its process and then goes into "the program has encountered a problem and must shut down", never allowing me to remove the items found....

    I have tried uninstalling the program, including removing it from the regedit (registry keys) so that there were no hidden files left, and reinstalled it.... However, the problem still exists after reinstalling the program.....

    I also tried to install it on another PC to see whether or not it was the software, but it worked fine.....

    So I need some help on this one, has anyone heard of this problem before with this program?
