Simular to "The virus from Hell" continues

[South of the James]

I'm starting this with the last post I put on original Thread.

See original Thread for whole story.

I went one step further on the "I'm infected - What do I do now?" article and found something interesting. Look at this:

Avira AntiVir Personal

Report file date: Monday, February 28, 2011 12:43

Scanning for 2443497 virus strains and unwanted programs.

The program is running as an unrestricted full version.

Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows 7

Windows version : (plain) [6.1.7600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : ROBIN-PC

Version information:

BUILD.DAT : 10.0.0.611 31824 Bytes 1/14/2011 13:42:00

AVSCAN.EXE : 10.0.3.5 435368 Bytes 1/10/2011 19:23:31

AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 17:57:04

LUKE.DLL : 10.0.3.2 104296 Bytes 1/10/2011 19:23:40

LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49

VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36

VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 19:23:50

VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 16:46:53

VBASE003.VDF : 7.11.3.1 2048 Bytes 2/9/2011 16:46:53

VBASE004.VDF : 7.11.3.2 2048 Bytes 2/9/2011 16:46:53

VBASE005.VDF : 7.11.3.3 2048 Bytes 2/9/2011 16:46:54

VBASE006.VDF : 7.11.3.4 2048 Bytes 2/9/2011 16:46:54

VBASE007.VDF : 7.11.3.5 2048 Bytes 2/9/2011 16:46:54

VBASE008.VDF : 7.11.3.6 2048 Bytes 2/9/2011 16:46:54

VBASE009.VDF : 7.11.3.7 2048 Bytes 2/9/2011 16:46:54

VBASE010.VDF : 7.11.3.8 2048 Bytes 2/9/2011 16:46:55

VBASE011.VDF : 7.11.3.9 2048 Bytes 2/9/2011 16:46:55

VBASE012.VDF : 7.11.3.10 2048 Bytes 2/9/2011 16:46:55

VBASE013.VDF : 7.11.3.59 157184 Bytes 2/14/2011 16:46:57

VBASE014.VDF : 7.11.3.97 120320 Bytes 2/16/2011 16:46:59

VBASE015.VDF : 7.11.3.148 128000 Bytes 2/19/2011 16:47:00

VBASE016.VDF : 7.11.3.183 140288 Bytes 2/22/2011 16:47:02

VBASE017.VDF : 7.11.3.216 124416 Bytes 2/24/2011 16:47:04

VBASE018.VDF : 7.11.3.251 159232 Bytes 2/28/2011 16:47:06

VBASE019.VDF : 7.11.3.252 2048 Bytes 2/28/2011 16:47:07

VBASE020.VDF : 7.11.3.253 2048 Bytes 2/28/2011 16:47:07

VBASE021.VDF : 7.11.3.254 2048 Bytes 2/28/2011 16:47:07

VBASE022.VDF : 7.11.3.255 2048 Bytes 2/28/2011 16:47:07

VBASE023.VDF : 7.11.4.0 2048 Bytes 2/28/2011 16:47:07

VBASE024.VDF : 7.11.4.1 2048 Bytes 2/28/2011 16:47:08

VBASE025.VDF : 7.11.4.2 2048 Bytes 2/28/2011 16:47:08

VBASE026.VDF : 7.11.4.3 2048 Bytes 2/28/2011 16:47:08

VBASE027.VDF : 7.11.4.4 2048 Bytes 2/28/2011 16:47:08

VBASE028.VDF : 7.11.4.5 2048 Bytes 2/28/2011 16:47:08

VBASE029.VDF : 7.11.4.6 2048 Bytes 2/28/2011 16:47:09

VBASE030.VDF : 7.11.4.7 2048 Bytes 2/28/2011 16:47:09

VBASE031.VDF : 7.11.4.9 2048 Bytes 2/28/2011 16:47:09

Engineversion : 8.2.4.176

AEVDF.DLL : 8.1.2.1 106868 Bytes 1/10/2011 19:23:26

AESCRIPT.DLL : 8.1.3.55 1282426 Bytes 2/28/2011 16:47:46

AESCN.DLL : 8.1.7.2 127349 Bytes 1/10/2011 19:23:26

AESBX.DLL : 8.1.3.2 254324 Bytes 1/10/2011 19:23:26

AERDL.DLL : 8.1.9.2 635252 Bytes 1/10/2011 19:23:25

AEPACK.DLL : 8.2.4.10 520567 Bytes 2/28/2011 16:47:41

AEOFFICE.DLL : 8.1.1.16 205179 Bytes 2/28/2011 16:47:35

AEHEUR.DLL : 8.1.2.81 3314038 Bytes 2/28/2011 16:47:33

AEHELP.DLL : 8.1.16.1 246134 Bytes 2/28/2011 16:47:17

AEGEN.DLL : 8.1.5.2 397683 Bytes 2/28/2011 16:47:15

AEEMU.DLL : 8.1.3.0 393589 Bytes 1/10/2011 19:23:18

AECORE.DLL : 8.1.19.2 196983 Bytes 2/28/2011 16:47:13

AEBB.DLL : 8.1.1.0 53618 Bytes 1/10/2011 19:23:18

AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/10/2011 19:23:32

AVPREF.DLL : 10.0.0.0 44904 Bytes 1/10/2011 19:23:30

AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 19:27:13

AVREG.DLL : 10.0.3.2 53096 Bytes 1/10/2011 19:23:31

AVSCPLR.DLL : 10.0.3.2 84328 Bytes 1/10/2011 19:23:31

AVARKT.DLL : 10.0.22.6 231784 Bytes 1/10/2011 19:23:27

AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/10/2011 19:23:28

SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 19:27:22

AVSMTP.DLL : 10.0.0.17 63848 Bytes 1/10/2011 19:23:31

NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 19:27:21

RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 18:10:20

RCTEXT.DLL : 10.0.58.0 97128 Bytes 1/10/2011 19:23:52

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:, D:,

Process scan........................: on

Extended process scan...............: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Start of the scan: Monday, February 28, 2011 12:43

Starting search for hidden objects.

c:\program files\logmein\x86\lmiguardiansvc.exe

c:\program files\logmein\x86\lmiguardiansvc.exe

[NOTE] The process is not visible.

c:\program files\logmein\x86\lmiguardiansvc.exe

The scan of running processes will be started

Scan process 'svchost.exe' - '37' Module(s) have been scanned

Scan process 'vssvc.exe' - '55' Module(s) have been scanned

Scan process 'avscan.exe' - '84' Module(s) have been scanned

Scan process 'avscan.exe' - '37' Module(s) have been scanned

Scan process 'avcenter.exe' - '78' Module(s) have been scanned

Scan process 'NOTEPAD.EXE' - '34' Module(s) have been scanned

Scan process 'avgnt.exe' - '63' Module(s) have been scanned

Scan process 'sched.exe' - '57' Module(s) have been scanned

Scan process 'conhost.exe' - '25' Module(s) have been scanned

Scan process 'avshadow.exe' - '39' Module(s) have been scanned

Scan process 'avguard.exe' - '80' Module(s) have been scanned

Scan process 'plugin-container.exe' - '73' Module(s) have been scanned

Scan process 'MSASCui.exe' - '54' Module(s) have been scanned

Scan process 'svchost.exe' - '57' Module(s) have been scanned

Scan process 'mbamservice.exe' - '48' Module(s) have been scanned

Scan process 'firefox.exe' - '134' Module(s) have been scanned

Scan process 'svchost.exe' - '45' Module(s) have been scanned

Scan process 'wmpnetwk.exe' - '116' Module(s) have been scanned

Scan process 'svchost.exe' - '46' Module(s) have been scanned

Scan process 'SearchIndexer.exe' - '65' Module(s) have been scanned

Scan process 'dsc.exe' - '73' Module(s) have been scanned

Scan process 'Weather.exe' - '84' Module(s) have been scanned

Scan process 'mbamgui.exe' - '30' Module(s) have been scanned

Scan process 'sprtcmd.exe' - '101' Module(s) have been scanned

Scan process 'VerizonServicepoint.exe' - '89' Module(s) have been scanned

Scan process 'memcard.exe' - '41' Module(s) have been scanned

Scan process 'dlcxmon.exe' - '42' Module(s) have been scanned

Scan process 'AvastUI.exe' - '78' Module(s) have been scanned

Scan process 'LogMeInSystray.exe' - '65' Module(s) have been scanned

Scan process 'Explorer.EXE' - '216' Module(s) have been scanned

Scan process 'AWC.exe' - '94' Module(s) have been scanned

Scan process 'WLIDSvcM.exe' - '27' Module(s) have been scanned

Scan process 'Dwm.exe' - '44' Module(s) have been scanned

Scan process 'taskhost.exe' - '58' Module(s) have been scanned

Scan process 'taskeng.exe' - '36' Module(s) have been scanned

Scan process 'WLIDSVC.EXE' - '82' Module(s) have been scanned

Scan process 'svchost.exe' - '26' Module(s) have been scanned

Scan process 'svchost.exe' - '52' Module(s) have been scanned

Scan process 'STacSV.exe' - '42' Module(s) have been scanned

Scan process 'svchost.exe' - '71' Module(s) have been scanned

Scan process 'RoxWatch9.exe' - '64' Module(s) have been scanned

Scan process 'LogMeIn.exe' - '106' Module(s) have been scanned

Scan process 'RaMaint.exe' - '49' Module(s) have been scanned

Scan process 'LMIGuardianSvc.exe' - '38' Module(s) have been scanned

Scan process 'Verizon_IHAMessageCenter.exe' - '54' Module(s) have been scanned

Scan process 'dlcxcoms.exe' - '51' Module(s) have been scanned

Scan process 'svchost.exe' - '69' Module(s) have been scanned

Scan process 'spoolsv.exe' - '111' Module(s) have been scanned

Scan process 'AvastSvc.exe' - '103' Module(s) have been scanned

Scan process 'svchost.exe' - '83' Module(s) have been scanned

Scan process 'nvvsvc.exe' - '44' Module(s) have been scanned

Scan process 'svchost.exe' - '90' Module(s) have been scanned

Scan process 'svchost.exe' - '152' Module(s) have been scanned

Scan process 'svchost.exe' - '114' Module(s) have been scanned

Scan process 'svchost.exe' - '89' Module(s) have been scanned

Scan process 'svchost.exe' - '48' Module(s) have been scanned

Scan process 'nvvsvc.exe' - '29' Module(s) have been scanned

Scan process 'svchost.exe' - '59' Module(s) have been scanned

Scan process 'winlogon.exe' - '41' Module(s) have been scanned

Scan process 'lsm.exe' - '33' Module(s) have been scanned

Scan process 'lsass.exe' - '74' Module(s) have been scanned

Scan process 'services.exe' - '44' Module(s) have been scanned

Scan process 'csrss.exe' - '16' Module(s) have been scanned

Scan process 'wininit.exe' - '37' Module(s) have been scanned

Scan process 'csrss.exe' - '16' Module(s) have been scanned

Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

Master boot sector HD1

[iNFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

Boot sector 'D:\'

[iNFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '412' files ).

Starting the file scan:

Begin scan in 'C:\' <OS>

C:\Users\Robin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\78d32ff3-5fd2fc2c

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the JAVA/Agent.AW Java virus

--> kilo/bottom.class

[DETECTION] Contains recognition pattern of the JAVA/Agent.AW Java virus

--> kilo/perev.class

[DETECTION] Contains recognition pattern of the JAVA/OpenStream.F Java virus

--> utilits/nod_sucks.class

[DETECTION] Contains recognition pattern of the JAVA/Agent.X.1 Java virus

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\28293fa0-5406d4d6

[0] Archive type: ZIP

[DETECTION] Contains recognition pattern of the JAVA/Agent.AW Java virus

--> kilo/bottom.class

[DETECTION] Contains recognition pattern of the JAVA/Agent.AW Java virus

--> kilo/perev.class

[DETECTION] Contains recognition pattern of the JAVA/OpenStream.F Java virus

--> utilits/nod_sucks.class

[DETECTION] Contains recognition pattern of the JAVA/Agent.X.1 Java virus

Begin scan in 'D:\' <RECOVERY>

Beginning disinfection:

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\28293fa0-5406d4d6

[DETECTION] Contains recognition pattern of the JAVA/Agent.X.1 Java virus

[NOTE] The file was moved to the quarantine directory under the name '482b5423.qua'.

C:\Users\Robin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\78d32ff3-5fd2fc2c

[DETECTION] Contains recognition pattern of the JAVA/Agent.X.1 Java virus

[NOTE] The file was moved to the quarantine directory under the name '50ee7b84.qua'.

End of the scan: Monday, February 28, 2011 13:58

Used time: 1:08:19 Hour(s)

The scan has been done completely.

31540 Scanned directories

658071 Files were scanned

6 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

2 Files were moved to quarantine

0 Files were renamed

0 Files cannot be scanned

658065 Files not concerned

4798 Archives were scanned

0 Warnings

2 Notes

766148 Objects were scanned with rootkit scan

2 Hidden objects were found

This makes me wonder if I should uninstall anything that has to do with Java???????????

What do you think about that idea??????????? Please advise.

Thanks,

South of the James

[LDTate]

http://forums.malwarebytes.org/index.php?showtopic=76537