Help understanding scan results | NotebookReview

caribbean_spur Notebook Consultant

Reputations:: 0

Messages:: 140

Likes Received:: 0

Trophy Points:: 30

Hi,

can somebody tell me if the hidden objects found by avira bad?Here is the report:

Avira AntiVir Personal
Report file date: Wednesday, November 10, 2010 17:12

Scanning for 3030851 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7
Windows version : (plain) [6.1.7600]
Boot mode : Normally booted
Username :
Computer name :

Version information:
BUILD.DAT : 10.0.0.592 31823 Bytes 8/9/2010 11:00:00
AVSCAN.EXE : 10.0.3.1 434344 Bytes 11/2/2010 23:21:25
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/20/2010 23:29:22
LUKE.DLL : 10.0.2.3 104296 Bytes 3/7/2010 22:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 03:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 12:35:52
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 01:43:07
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 00:55:07
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 01:57:49
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 01:57:18
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 19:53:18
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 19:53:46
VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 19:54:34
VBASE008.VDF : 7.10.11.133 3454464 Bytes 9/13/2010 19:55:14
VBASE009.VDF : 7.10.13.80 2265600 Bytes 11/2/2010 23:21:25
VBASE010.VDF : 7.10.13.81 2048 Bytes 11/2/2010 23:21:25
VBASE011.VDF : 7.10.13.82 2048 Bytes 11/2/2010 23:21:25
VBASE012.VDF : 7.10.13.83 2048 Bytes 11/2/2010 23:21:25
VBASE013.VDF : 7.10.13.116 147968 Bytes 11/4/2010 22:11:11
VBASE014.VDF : 7.10.13.147 146944 Bytes 11/7/2010 02:00:58
VBASE015.VDF : 7.10.13.180 123904 Bytes 11/9/2010 02:01:10
VBASE016.VDF : 7.10.13.181 2048 Bytes 11/9/2010 02:01:10
VBASE017.VDF : 7.10.13.182 2048 Bytes 11/9/2010 02:01:10
VBASE018.VDF : 7.10.13.183 2048 Bytes 11/9/2010 02:01:10
VBASE019.VDF : 7.10.13.184 2048 Bytes 11/9/2010 02:01:10
VBASE020.VDF : 7.10.13.185 2048 Bytes 11/9/2010 02:01:10
VBASE021.VDF : 7.10.13.186 2048 Bytes 11/9/2010 02:01:11
VBASE022.VDF : 7.10.13.187 2048 Bytes 11/9/2010 02:01:11
VBASE023.VDF : 7.10.13.188 2048 Bytes 11/9/2010 02:01:11
VBASE024.VDF : 7.10.13.189 2048 Bytes 11/9/2010 02:01:11
VBASE025.VDF : 7.10.13.190 2048 Bytes 11/9/2010 02:01:11
VBASE026.VDF : 7.10.13.191 2048 Bytes 11/9/2010 02:01:11
VBASE027.VDF : 7.10.13.192 2048 Bytes 11/9/2010 02:01:12
VBASE028.VDF : 7.10.13.193 2048 Bytes 11/9/2010 02:01:12
VBASE029.VDF : 7.10.13.194 2048 Bytes 11/9/2010 02:01:12
VBASE030.VDF : 7.10.13.195 2048 Bytes 11/9/2010 02:01:13
VBASE031.VDF : 7.10.13.196 2048 Bytes 11/9/2010 02:01:13
Engineversion : 8.2.4.92
AEVDF.DLL : 8.1.2.1 106868 Bytes 10/30/2010 19:56:31
AESCRIPT.DLL : 8.1.3.46 1364347 Bytes 11/4/2010 01:00:39
AESCN.DLL : 8.1.6.1 127347 Bytes 10/30/2010 19:56:24
AESBX.DLL : 8.1.3.1 254324 Bytes 10/30/2010 19:56:33
AERDL.DLL : 8.1.9.2 635252 Bytes 10/30/2010 19:56:23
AEPACK.DLL : 8.2.3.11 471416 Bytes 10/30/2010 19:56:18
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 10/30/2010 19:56:15
AEHEUR.DLL : 8.1.2.38 2990455 Bytes 11/4/2010 01:00:37
AEHELP.DLL : 8.1.14.0 246134 Bytes 10/30/2010 19:56:01
AEGEN.DLL : 8.1.3.24 401781 Bytes 11/4/2010 01:00:35
AEEMU.DLL : 8.1.2.0 393588 Bytes 10/30/2010 19:55:58
AECORE.DLL : 8.1.17.0 196982 Bytes 10/30/2010 19:55:57
AEBB.DLL : 8.1.1.0 53618 Bytes 10/30/2010 19:55:55
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 16:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 16:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 20:47:40
AVREG.DLL : 10.0.3.2 53096 Bytes 11/2/2010 23:21:25
AVSCPLR.DLL : 10.0.3.1 83816 Bytes 11/2/2010 23:21:25
AVARKT.DLL : 10.0.0.14 227176 Bytes 4/20/2010 23:29:22
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 13:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 16:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 19:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 18:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 17:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 11/2/2010 23:21:25

Configuration settings for the scan:
Jobname.............................: Scan for Rootkits and active malware
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\rootkit.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Deviating archive types.............: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, +ISO,
Macro heuristic.....................: on
File heuristic......................: high
Deviating risk categories...........: +PFS,

Start of the scan: Wednesday, November 10, 2010 17:12

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\Software\Microsoft\Environment\licence0
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\comodo system cleaner registry protection
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6CC8B53-7449-4C6A-A501-F5AA9BEFBCDC}\path
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6CC8B53-7449-4C6A-A501-F5AA9BEFBCDC}\triggers
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6CC8B53-7449-4C6A-A501-F5AA9BEFBCDC}\dynamicinfo
[NOTE] The registry entry is invisible.
\\?\ROOT#*ISATAP#0005#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{487B397F-9EA1-4C2D-ADAB-279A84382CE8}
ROOT#*ISATAP#0005#{ad498944-762f-11d0-8dcb-00c04fc3358c}\{487B397F-9EA1-4C2D-ADAB-279A84382CE8}
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{487B397F-9EA1-4C2D-ADAB-279A84382CE8}\Connection\defaultnameresourceid
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{487B397F-9EA1-4C2D-ADAB-279A84382CE8}\Connection\defaultnameindex
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{487B397F-9EA1-4C2D-ADAB-279A84382CE8}\Connection\name
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet003\services\iphlpsvc\Parameters\Isatap\{487B397F-9EA1-4C2D-ADAB-279A84382CE8}\interfacename
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet003\services\iphlpsvc\Parameters\Isatap\{487B397F-9EA1-4C2D-ADAB-279A84382CE8}\reusabletype
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet003\services\TCPIP6\Parameters\Interfaces\{487b397f-9ea1-4c2d-adab-279a84382ce8}\dhcpv6iaid
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet003\services\TCPIP6\Parameters\Interfaces\{487b397f-9ea1-4c2d-adab-279a84382ce8}\dhcpv6state
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'taskeng.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '28' Module(s) have been scanned
Scan process 'vssvc.exe' - '47' Module(s) have been scanned
Scan process 'avscan.exe' - '75' Module(s) have been scanned
Scan process 'avcenter.exe' - '132' Module(s) have been scanned
Scan process 'svchost.exe' - '58' Module(s) have been scanned
Scan process 'chrome.exe' - '41' Module(s) have been scanned
Scan process 'chrome.exe' - '41' Module(s) have been scanned
Scan process 'chrome.exe' - '81' Module(s) have been scanned
Scan process 'svchost.exe' - '59' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '32' Module(s) have been scanned
Scan process 'OAreg.exe' - '22' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '114' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '61' Module(s) have been scanned
Scan process 'sidebar.exe' - '97' Module(s) have been scanned
Scan process 'OAhlp.exe' - '54' Module(s) have been scanned
Scan process 'oaui.exe' - '62' Module(s) have been scanned
Scan process 'conhost.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '57' Module(s) have been scanned
Scan process 'HidFind.exe' - '40' Module(s) have been scanned
Scan process 'psqltray.exe' - '86' Module(s) have been scanned
Scan process 'Apntex.exe' - '37' Module(s) have been scanned
Scan process 'jusched.exe' - '40' Module(s) have been scanned
Scan process 'wmdc.exe' - '53' Module(s) have been scanned
Scan process 'ApMsgFwd.exe' - '33' Module(s) have been scanned
Scan process 'lxdiamon.exe' - '86' Module(s) have been scanned
Scan process 'avgnt.exe' - '72' Module(s) have been scanned
Scan process 'Apoint.exe' - '50' Module(s) have been scanned
Scan process 'sttray.exe' - '47' Module(s) have been scanned
Scan process 'OEM02Mon.exe' - '44' Module(s) have been scanned
Scan process 'Explorer.EXE' - '150' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'Dwm.exe' - '45' Module(s) have been scanned
Scan process 'taskhost.exe' - '51' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'nvSCPAPISvr.exe' - '28' Module(s) have been scanned
Scan process 'STacSV.exe' - '36' Module(s) have been scanned
Scan process 'conhost.exe' - '14' Module(s) have been scanned
Scan process 'ReflectService.exe' - '25' Module(s) have been scanned
Scan process 'avshadow.exe' - '37' Module(s) have been scanned
Scan process 'lxdicoms.exe' - '33' Module(s) have been scanned
Scan process 'lxdiserv.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '65' Module(s) have been scanned
Scan process 'svchost.exe' - '26' Module(s) have been scanned
Scan process 'avguard.exe' - '65' Module(s) have been scanned
Scan process 'aestsrv.exe' - '8' Module(s) have been scanned
Scan process 'svchost.exe' - '61' Module(s) have been scanned
Scan process 'sched.exe' - '48' Module(s) have been scanned
Scan process 'spoolsv.exe' - '99' Module(s) have been scanned
Scan process 'upeksvr.exe' - '66' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '49' Module(s) have been scanned
Scan process 'NvXDSync.exe' - '39' Module(s) have been scanned
Scan process 'oasrv.exe' - '65' Module(s) have been scanned
Scan process 'OAcat.exe' - '36' Module(s) have been scanned
Scan process 'svchost.exe' - '69' Module(s) have been scanned
Scan process 'svchost.exe' - '78' Module(s) have been scanned
Scan process 'svchost.exe' - '148' Module(s) have been scanned
Scan process 'svchost.exe' - '123' Module(s) have been scanned
Scan process 'svchost.exe' - '92' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '35' Module(s) have been scanned
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'winlogon.exe' - '31' Module(s) have been scanned
Scan process 'lsm.exe' - '16' Module(s) have been scanned
Scan process 'lsass.exe' - '85' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'csrss.exe' - '16' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '16' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

End of the scan: Wednesday, November 10, 2010 17:15
Used time: 03:08 Minute(s)

The scan has been done completely.

0 Scanned directories
3703 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
3703 Files not concerned
0 Archives were scanned
0 Warnings
0 Notes
555702 Objects were scanned with rootkit scan
13 Hidden objects were found

caribbean_spur, Nov 10, 2010

#1

caribbean_spur Notebook Consultant

Reputations:: 0

Messages:: 140

Likes Received:: 0

Trophy Points:: 30

I also want to add, I ran superantispyware and malwarebytes and they did not find anything.

I ran comodo registry cleaner and regcleaner but none of these registry entries showed up.

caribbean_spur, Nov 10, 2010

#2

mrintech Notebook Enthusiast

Reputations:: 0

Messages:: 10

Likes Received:: 0

Trophy Points:: 5

Make use of Hijack This and Analyze the Log right here

I will recommend you to scan your whole PC with Kaspersky if you are concerned

mrintech, Nov 11, 2010

#3

caribbean_spur Notebook Consultant

Reputations:: 0

Messages:: 140

Likes Received:: 0

Trophy Points:: 30

Thanks! I will try hijack this.

I did run the rescue Cd of kapersky and it did not find anything.

caribbean_spur, Nov 11, 2010

#4

MoabUtah Notebook Consultant

Reputations:: 85

Messages:: 134

Likes Received:: 0

Trophy Points:: 30

Even though they are hidden, they were scanned by AntiVir, and would have been flagged if they were part of an infection.

Since AntiVir found no infections and neither did Kaspersky rescue CD, you are clean.

.

MoabUtah, Nov 13, 2010

#5