help needed please

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by 868, Jul 6, 2013.

  1. 868

    868 Private E-2

    After running a scan with Avira Free, a virus was found, something to do with memory; sorry, can't remember what it said on the first scan. I have also run scans with Malwarebytes Free, Trend Micro rootkit and Spybot and nothing was found.
    This is a 2nd scan run using Avira again after cleaning and a restart; it mentions a hidden driver? :-
    Configuration settings for the scan:
    Jobname.............................: Local drives
    Configuration file..................: C:\program files (x86)\avira\antivir desktop\alldrives.avp
    Reporting...........................: default
    Primary action......................: Interactive
    Secondary action....................: Ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:, G:, F:, D:, E:,
    Process scan........................: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: on
    Scan all files......................: All files
    Scan archives.......................: on
    Limit recursion depth...............: 20
    Smart extensions....................: on
    Deviating archive types.............: +, +, +, +, +, +, +, +,
    Macrovirus heuristic................: on
    File heuristic......................: Complete

    Start of the scan: 06 July 2013 13:43

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'G:\'
    [INFO] No virus was found!

    Starting search for hidden objects.
    Error in ARK library
    Hidden driver

    The scan of running processes will be started:
    Scan process 'svchost.exe' - '52' Module(s) have been scanned
    Scan process 'ASCService.exe' - '49' Module(s) have been scanned
    Scan process 'nvvsvc.exe' - '35' Module(s) have been scanned
    Scan process 'nvSCPAPISvr.exe' - '34' Module(s) have been scanned
    Scan process 'avguard.exe' - '77' Module(s) have been scanned
    Scan process 'svchost.exe' - '36' Module(s) have been scanned
    Scan process 'avshadow.exe' - '35' Module(s) have been scanned
    Scan process 'svchost.exe' - '78' Module(s) have been scanned
    Scan process 'svchost.exe' - '99' Module(s) have been scanned
    Scan process 'svchost.exe' - '33' Module(s) have been scanned
    Scan process 'svchost.exe' - '127' Module(s) have been scanned
    Scan process 'svchost.exe' - '28' Module(s) have been scanned
    Scan process 'SbieSvc.exe' - '31' Module(s) have been scanned
    Scan process 'svchost.exe' - '65' Module(s) have been scanned
    Scan process 'nvxdsync.exe' - '50' Module(s) have been scanned
    Scan process 'nvvsvc.exe' - '47' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '80' Module(s) have been scanned
    Scan process 'sched.exe' - '45' Module(s) have been scanned
    Scan process 'svchost.exe' - '58' Module(s) have been scanned
    Scan process 'IMFsrv.exe' - '43' Module(s) have been scanned
    Scan process 'armsvc.exe' - '28' Module(s) have been scanned
    Scan process 'AERTSr64.exe' - '8' Module(s) have been scanned
    Scan process 'DTUpdate.exe' - '22' Module(s) have been scanned
    Scan process 'HiPatchService.exe' - '55' Module(s) have been scanned
    Scan process 'mbamscheduler.exe' - '37' Module(s) have been scanned
    Scan process 'mbamservice.exe' - '45' Module(s) have been scanned
    Scan process 'daemonu.exe' - '70' Module(s) have been scanned
    Scan process 'PnkBstrA.exe' - '32' Module(s) have been scanned
    Scan process 'RtlService.exe' - '30' Module(s) have been scanned
    Scan process 'RtWlan.exe' - '65' Module(s) have been scanned
    Scan process 'SDFSSvc.exe' - '84' Module(s) have been scanned
    Scan process 'svchost.exe' - '32' Module(s) have been scanned
    Scan process 'SDUpdSvc.exe' - '78' Module(s) have been scanned
    Scan process 'mbamgui.exe' - '39' Module(s) have been scanned
    Scan process 'taskhost.exe' - '29' Module(s) have been scanned
    Scan process 'Dwm.exe' - '32' Module(s) have been scanned
    Scan process 'SDWSCSvc.exe' - '31' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '161' Module(s) have been scanned
    Scan process 'WUDFHost.exe' - '34' Module(s) have been scanned
    Scan process 'SynTPEnh.exe' - '53' Module(s) have been scanned
    Scan process 'FF_Protection.exe' - '34' Module(s) have been scanned
    Scan process 'RtkNGUI64.exe' - '48' Module(s) have been scanned
    Scan process 'RAVBg64.exe' - '47' Module(s) have been scanned
    Scan process 'NvTmru.exe' - '28' Module(s) have been scanned
    Scan process 'ouc.exe' - '9' Module(s) have been scanned
    Scan process 'taskeng.exe' - '29' Module(s) have been scanned
    Scan process 'taskeng.exe' - '27' Module(s) have been scanned
    Scan process 'taskeng.exe' - '30' Module(s) have been scanned
    Scan process 'Monitor.exe' - '55' Module(s) have been scanned
    Scan process 'nusb3mon.exe' - '36' Module(s) have been scanned
    Scan process 'SDTray.exe' - '99' Module(s) have been scanned
    Scan process 'EMET_notifier.exe' - '53' Module(s) have been scanned
    Scan process 'DataCardMonitor.exe' - '31' Module(s) have been scanned
    Scan process 'avgnt.exe' - '86' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '34' Module(s) have been scanned
    Scan process 'SearchIndexer.exe' - '50' Module(s) have been scanned
    Scan process 'nvtray.exe' - '50' Module(s) have been scanned
    Scan process 'SynTPHelper.exe' - '17' Module(s) have been scanned
    Scan process 'avcenter.exe' - '125' Module(s) have been scanned
    Scan process 'avscan.exe' - '112' Module(s) have been scanned
    Scan process 'vssvc.exe' - '47' Module(s) have been scanned
    Scan process 'svchost.exe' - '28' Module(s) have been scanned
    Scan process 'IAStorDataMgrSvc.exe' - '112' Module(s) have been scanned
    Scan process 'sppsvc.exe' - '27' Module(s) have been scanned
    Scan process 'svchost.exe' - '55' Module(s) have been scanned
    Scan process 'SearchProtocolHost.exe' - '29' Module(s) have been scanned
    Scan process 'SearchFilterHost.exe' - '27' Module(s) have been scanned
    Scan process 'smss.exe' - '2' Module(s) have been scanned
    Scan process 'csrss.exe' - '18' Module(s) have been scanned
    Scan process 'wininit.exe' - '26' Module(s) have been scanned
    Scan process 'csrss.exe' - '16' Module(s) have been scanned
    Scan process 'services.exe' - '33' Module(s) have been scanned
    Scan process 'lsass.exe' - '64' Module(s) have been scanned
    Scan process 'lsm.exe' - '16' Module(s) have been scanned
    Scan process 'winlogon.exe' - '31' Module(s) have been scanned

    Initiating scan of system files:
    Signed -> 'C:\Windows\system32\svchost.exe'
    Signed -> 'C:\Windows\system32\winlogon.exe'
    Signed -> 'C:\Windows\explorer.exe'
    Signed -> 'C:\Windows\system32\smss.exe'
    Signed -> 'C:\Windows\system32\wininet.DLL'
    Signed -> 'C:\Windows\system32\wsock32.DLL'
    Signed -> 'C:\Windows\system32\ws2_32.DLL'
    Signed -> 'C:\Windows\system32\services.exe'
    Signed -> 'C:\Windows\system32\lsass.exe'
    Signed -> 'C:\Windows\system32\csrss.exe'
    Signed -> 'C:\Windows\system32\drivers\kbdclass.sys'
    Signed -> 'C:\Windows\system32\spoolsv.exe'
    Signed -> 'C:\Windows\system32\alg.exe'
    Signed -> 'C:\Windows\system32\wuauclt.exe'
    Signed -> 'C:\Windows\system32\advapi32.DLL'
    Signed -> 'C:\Windows\system32\user32.DLL'
    Signed -> 'C:\Windows\system32\gdi32.DLL'
    Signed -> 'C:\Windows\system32\kernel32.DLL'
    Signed -> 'C:\Windows\system32\ntdll.DLL'
    Signed -> 'C:\Windows\system32\ntoskrnl.exe'
    Signed -> 'C:\Windows\system32\ctfmon.exe'
    The system files were scanned ('21' files)

    Starting to scan executable files (registry):
    The registry was scanned ( '3148' files ).
     
  2. 868

    868 Private E-2

    Also just ran IObit Malware Fighter Free and nothing was found.
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Please do not post logs inline with your messages like you did in message #1. All logs must be attachments. There is no infection in this log. It said >> No virus was found!

    If you are having malware problems please follow the instructions in the below link:

    READ & RUN ME FIRST. Malware Removal Guide
     
