TR/Unpacked.Gen

Hi,

I urgently need help in curing my pc…

I’m using Avira for detecting viruses, and in the last few days I’ve had LOTS of files infected with a trojan virus. Most files are in the temporary internet files folder, type of file is mostly .exe.

Name of the virus is TR/Unpacked.Gen. Another thing I find in the scan report is a detection named TR/Dldr.Age.3566386.

In search of a useful removal tool, I found the ‘spyware doctor’ program on PC Tools. I bought the program but when I run the scans it doesn’t detect any trojan, so this program doesn’t seem to be of any help either in removing it.

Whenever a pop-up came up from the avira ‘antivir guard’ to tell that a virus was found in a certain file, I moved most of the infected files to quarantine. I only get new pop-ups when I move files to the quarantine, so I decided not to choose any option and leave the pop-ups on the edge of the screen. This way I don’t get more pop-ups…

Please tell me what to do!

Hi
FYI this is the Avast forum not Avira AntiVir
however you will get more help here :slight_smile:
Did you buy Avira AntiVir? or Free version? (you could do worse BTW)
Mandatory question did your computer come preinstalled with another AV or Suite like McAfee or Norton or have you EVER had another AV on your computer?

Spyware doctor is a good program if you have the resources to run it
It provides additional full time protection so keep it updated and active

first clean your temporary internet files! use ATF Cleaner, CCleaner or Internet options if using IE

run a complete AV scan and move hits to quarantine
if anything will not move let us know
If AV says it has to reboot to move/ quarantine then do it immediately

I’d suggest to start an on line AV scan from Dr Web Cure it, Panda, Bit Defender etc
for a second opinion
post the log if any hits
and quarantine do not remove/ delete

then go to the Malwarebytes.org website and run their free ROGUE REMOVER and Malwarebytes antimalware
With MBAM
put a check next to any hits and then click REMOVE SELECTED- a backup will be made
post log
This is an “on Demand Scan” and will not take any resources once run

then read the stickie at the top of this forum and post a HJT

do not be concerned about hits in System Restore

Thanks a lot for your advice.

Ok, at first I felt pretty embarrassed to tell about the following, but now I’m just confused… I was looking for an ATF cleaner… I don’t remember on which site I ended up, but got the same menu as shown on the image in this link: http://www.geekstogo.com/forum/index.php?autocom=downloads&showfile=21 . I wanted to get things done fast and didn’t carefully read the first line… it doesn’t say ‘select files to clean’ but ‘select files to delete’ … I clicked ‘donate’ but then realised that this seems really wrong, so I tried shutting down everything immediately and disconnected my internet connection. I checked my temp. internet files and recycle bin, but they were empty. :o I selected all the files in the list but when I disconnected I didn’t remember other than temp. internet files and recycle bin, so I haven’t been able to check yet if all the other selected files were also emptied (I’m now using another pc).

Is this normal??? It doesn’t seem good to me, but now I see the same cleaner on geekstogo.com and it doesn’t say anything about any danger of this program. ???

Please let me know about this, and if I can just go online again and do the other scans and clean-ups that you mentioned.

Ah and to answer your questions: I have a free version of Avira. For as far as I can remember my pc didn’t come preinstalled with another antivirus program. I had other antivirus and anti spyware programs installed later, like Norton and ad-aware, but later on I chose Avira because the other (free) programs had expired I think. The first thing I bought was the Spyware doctor. I don’t know what is meant with the right resources to run it, but I have windows XP (don’t know if that says anything :wink: ).

Thanks again for your advice, I really appreciate it.

Hi there Renate,

This could well be a generic find for you having two resident AV scanners, it is advisable to only and only have one. If Avira runs together with avast it detects avast as the virus you have found.
Post attached a logfile txt of a hijackthis scan and we will have a look. HJT can be downloaded here:
http://www.filehippo.com/download_hijackthis/download/58170ee6e58bba306c943f5b6d745c99/

Translation for Dutch user -
OK, since you are Dutch I will also write this in Dutch: it really is wrong to have two resident scanners on your computer, they will really get in each other's way. There are also scanners that can be used together with, for example, Avira or avast, e.g. the non-resident AV scanner ClamWin and some anti-malware scanners. If you happen to have two resident (that is, constantly checking everything) scanners running, remove them so that you are left with only one. Paste a HijackThis logfile text with your reply, then I can analyse it (it will probably be tomorrow evening, because I still have some commitments tomorrow),

regards,

polonus

I don’t have Avast, at the moment just Avira and Spyware Doctor. Would it be enough to just run SD and remove Avira?

And about the ATF cleaner (see my second post), what to do with that? Is it supposed to work the way I described, or did I do something terribly wrong?

:-\ I’m not getting the thing about the logfile of a HJT… (sorry, have to get into this technical language…)

:wink:
Renate

No, do not remove Avira; why don’t you post (copy and paste) the scan results of an Avira scan?
Don’t worry about the ATF cleaner, it looks very harmless (as long as you got it from a reputable site); the donation option you clicked is just that, because it’s free, they are asking for donations. Have another read of wyrmrider’s 1st post carefully, and try his suggestions. HijackThis is a program that produces a log of things running on your pc. Someone will examine the log for threats, which can then be fixed using HJT. Polonus has posted a link to download the program. A scan takes literally seconds, you can then copy and paste the log. One last thing, have you tried scanning with Avira in safe mode? This is where, on booting your pc, you tap the F8 key, a screen appears with options, choose safe mode, then do a scan.

I do not think ATFCleaner could hurt your computer one way or the other
It just cleans up temp files so there is not so much clutter

Catch up on the suggestions, cycle back to the top and work down

however :slight_smile:
google REMOVE NORTON PC HELL
and follow the instructions at the PCHELL site
you need to run the Norton/Symantec removal TOOL
old NORTONS will interfere with Avast, Antivir or any other AV causing lots of hard to diagnose problems

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:32:12, on 29-9-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Wireless 802.11g Monitor\XPFix.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\KPN\bin\sprtcmd.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
C:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\KPN\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\KPN\agent\bin\bcont_nm.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [XPFix] C:\Program Files\Wireless 802.11g Monitor\XPFix.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [KPN] "C:\Program Files\KPN\bin\sprtcmd.exe" /P KPN
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BHCP Service (BHsrv) - Unknown owner - C:\WINDOWS\system32\Bhsrv.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (KPN) (sprtsvc_KPN) - SupportSoft, Inc. - C:\Program Files\KPN\bin\sprtsvc.exe


End of file - 7177 bytes

Hi Renate,

At the moment I cannot see much wrong with the hjt logfile. Only these remarks:
A newer version of service pack is available. Service packs increase the safety of your system. Visit Microsoft’s windowsupdate site to download the newest version of the service pack.
We didn’t detect any active process of a firewall on your system. Reasons maybe:
(1.) You are using the windows firewall or a hardware firewall.
(2.) You are using a firewall of an unknown vendor.
(3.) You are using a firewall, but for unknown reasons it is disabled
(4.) You don’t use any firewall at all.
We recommend you to use a firewall.
Service pack can be updated after we have established that your computer is malware free, but a free software firewall could be installed. It is a must to be secure on the Internet. You could also check whether you have the latest version of Sun Java on your computer,

polonus
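The kind of first-pass triage discussed in this thread (service pack level, installed Java runtime, services whose file is missing, and how many security vendors have resident services), as an added example that is not part of any post here and not the tool any helper used. The function names and the `SECURITY_VENDOR_HINTS` list are assumptions made for illustration; the sample is a few lines copied from the log posted above.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BHCP Service (BHsrv) - Unknown owner - C:\WINDOWS\system32\Bhsrv.exe (file missing)
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # e.g. "O23 - Service: ..."
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.*)$")
JRE_RE = re.compile(r"\\(jre[\d._]+)\\", re.IGNORECASE)    # JRE folder inside a path

# Assumption: hint list built from the vendors visible in this log, not a
# complete catalogue of security products.
SECURITY_VENDOR_HINTS = ("avira", "pc tools", "microworld")


def parse_hjt(text):
    """Split a HijackThis log into platform, running processes and coded entries."""
    log = {"platform": None, "processes": [], "entries": defaultdict(list)}
    in_procs = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Platform:"):
            log["platform"] = line.split(":", 1)[1].strip()
        elif line == "Running processes:":
            in_procs = True
        elif (m := ENTRY_RE.match(line)):
            in_procs = False                # first coded entry ends the process list
            log["entries"][m.group(1)].append(m.group(2))
        elif in_procs and line:
            log["processes"].append(line)
    return log


def triage(log):
    """Return the items a helper would look at first; a review aid, not a verdict."""
    services = [m.groupdict() for body in log["entries"].get("O23", [])
                if (m := SERVICE_RE.match(body))]
    haystack = log["processes"] + [b for bs in log["entries"].values() for b in bs]
    sp = re.search(r"\bSP(\d+)\b", log["platform"] or "")
    return {
        "service_pack": int(sp.group(1)) if sp else None,
        "missing_service_files": [s["name"] for s in services
                                  if s["path"].endswith("(file missing)")],
        "security_vendors_with_services": sorted(
            {s["owner"] for s in services
             if any(h in s["owner"].lower() for h in SECURITY_VENDOR_HINTS)}),
        "java_runtimes": sorted({m.group(1) for t in haystack
                                 for m in JRE_RE.finditer(t)}),
    }


if __name__ == "__main__":
    for key, value in triage(parse_hjt(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Each item in the result is something for a person to review against the full log, not proof of infection or of a clean system.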

I did an Avira scan and it doesn’t detect a virus either, but gives few warnings.

Pretty strange, because I got overloaded with pop-ups like I described in opening post.

I uninstalled/removed some old version of Symantec AV that I had, hadn’t been used for almost a year, and removed some additional old shit that I didn’t use anymore… the pop ups stopped (so far)…

Polonus (or anyone else), could you just check out the warnings in this scan report and advise me what to do about it?

Ah in addition to your post: I’m using the windows firewall.

I’ll also try the rogue remover suggested by wyrmrider…

Here’s the report:

Avira AntiVir Personal
Report file date: maandag 29 september 2008 22:38

Scanning for 1641354 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: RENATE08

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12-8-2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 12-8-2008 19:44:08
AVSCAN.DLL : 8.1.4.0 40705 Bytes 12-8-2008 19:44:06
LUKE.DLL : 8.1.4.5 164097 Bytes 12-8-2008 19:45:08
LUKERES.DLL : 8.1.4.0 12033 Bytes 12-8-2008 19:45:09
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18-7-2007 09:57:15
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24-6-2008 10:16:02
ANTIVIR2.VDF : 7.0.6.153 3341312 Bytes 12-9-2008 00:51:40
ANTIVIR3.VDF : 7.0.6.207 415744 Bytes 24-9-2008 00:51:43
Engineversion : 8.1.1.35
AEVDF.DLL : 8.1.0.5 102772 Bytes 18-4-2008 04:15:07
AESCRIPT.DLL : 8.1.0.76 319867 Bytes 25-9-2008 00:51:53
AESCN.DLL : 8.1.0.23 119156 Bytes 15-7-2008 20:13:42
AERDL.DLL : 8.1.1.2 438644 Bytes 25-9-2008 00:51:51
AEPACK.DLL : 8.1.2.3 364918 Bytes 25-9-2008 00:51:50
AEOFFICE.DLL : 8.1.0.25 196986 Bytes 25-9-2008 00:51:48
AEHEUR.DLL : 8.1.0.59 1438071 Bytes 25-9-2008 00:51:47
AEHELP.DLL : 8.1.0.15 115063 Bytes 3-6-2008 04:17:41
AEGEN.DLL : 8.1.0.36 315764 Bytes 19-8-2008 09:37:52
AEEMU.DLL : 8.1.0.7 430452 Bytes 12-8-2008 19:46:53
AECORE.DLL : 8.1.1.11 172406 Bytes 11-9-2008 20:07:07
AEBB.DLL : 8.1.0.1 53617 Bytes 17-7-2008 08:24:51
AVWINLL.DLL : 1.0.0.12 15105 Bytes 12-8-2008 19:44:09
AVPREF.DLL : 8.0.2.0 38657 Bytes 12-8-2008 19:44:04
AVREP.DLL : 8.0.0.2 98344 Bytes 12-8-2008 19:46:49
AVREG.DLL : 8.0.0.1 33537 Bytes 12-8-2008 19:44:05
AVARKT.DLL : 1.0.0.23 307457 Bytes 18-4-2008 04:14:37
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12-8-2008 19:43:58
SQLITE3.DLL : 3.3.17.1 339968 Bytes 18-4-2008 04:14:56
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12-8-2008 19:45:33
NETNT.DLL : 8.0.0.1 7937 Bytes 18-4-2008 04:14:54
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 19-7-2008 04:36:26
RCTEXT.DLL : 8.0.52.0 86273 Bytes 19-7-2008 04:36:29

Configuration settings for the scan:
Jobname…: Complete system scan
Configuration file…: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging…: low
Primary action…: interactive
Secondary action…: ignore
Scan master boot sector…: on
Scan boot sector…: on
Boot sectors…: C:,
Process scan…: on
Scan registry…: on
Search for rootkits…: off
Scan all files…: All files
Scan archives…: on
Recursion depth…: 20
Smart extensions…: on
Macro heuristic…: on
File heuristic…: medium

Start of the scan: maandag 29 september 2008 22:38

The scan of running processes will be started
Scan process ‘avscan.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘avcenter.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘wuauclt.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘cidaemon.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘bcont_nm.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘iexplore.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘wuauclt.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘wscntfy.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘alg.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘wdfmgr.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘sprtsvc.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘pctsSvc.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘pctsAuxs.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘MWAGENT.EXE’ - ‘1’ Module(s) have been scanned
Scan process ‘MWASER.EXE’ - ‘1’ Module(s) have been scanned
Scan process ‘MDM.EXE’ - ‘1’ Module(s) have been scanned
Scan process ‘cisvc.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘sched.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘WZQKPICK.EXE’ - ‘1’ Module(s) have been scanned
Scan process ‘ApntEx.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘GoogleToolbarNotifier.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘ctfmon.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘Monitor.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘pctsTray.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘sprtcmd.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘avgnt.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘jusched.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘XPFix.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘Apoint.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘AGRSMMSG.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘SOUNDMAN.EXE’ - ‘1’ Module(s) have been scanned
Scan process ‘VTTimer.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘explorer.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘avguard.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘spoolsv.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘lsass.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘services.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘winlogon.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘csrss.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘smss.exe’ - ‘1’ Module(s) have been scanned
46 processes with 46 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( ‘58’ files ).

Starting the file scan:

Begin scan in 'C:'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!

End of the scan: dinsdag 30 september 2008 00:00
Used time: 1:22:53 Hour(s)

The scan has been done completely.

6021 Scanning directories
236105 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
236103 Files not concerned
7084 Archives were scanned
2 Warnings
0 Notes

well your avira scan looks clean and hjt polonus says looks ok
really good news?
are you free to go
no
some things hide from both HJT and AV scans
so do the MBAM thing
go to Post Reply 1 and work back down the thread

Avast forum is manned by volunteers
Other forums you get ONE helper and One opinion
here you get many opinions and sometimes it is hard to stay on track (and to prioritize, separate the wheat from the chaff etc.)

DID YOU RUN THE NORTON REMOVAL TOOL?
be specific in your answer- I can’t tell from your response if you did or not and I guarantee problems down the road if you did not.

post that MBAM log remember to click REMOVE SELECTED
then we’ll talk about how to not let this happen again

what were these popups
were they from NORTON complaining that your AV was not active?
(that’ll drive you nuts)

lots to do
firewall
SP-3
run
“secunia software inspector”
remove ALL old Java
etc