Full Version: Trojan Horse Dropper Agent BMH
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
Karebac
For 3 days in a row, AVG by Grisoft (free version, which ceases support in Jan.) has informed me that it auto-heals something called TROJAN HORSE DROPPER AGENT BMH.

And yet it remains there each day.

I know I should boot in safe mode and try some things, but I want some feedback ASAP.

I have McAfee and it does not even detect the problem. I also have Spybot Search & Destroy, and have TeaTimer active.

Here is the HijackThis log I just ran.

Thanks for any help.

I do not understand why sometimes, something is flagged by an AV, but not removed.

Logfile of HijackThis v1.99.1
Scan saved at 12:12:16 PM, on 12/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft SQL Server\MSSQL$WASPDB\Binn\sqlservr.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\ACT\ACT for Windows\Act.Outlook.Service.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\svchost.exe
C:\Palm\Hotsync.exe
C:\Program Files\Mightyfax\MFNTCTL.EXE
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\FedEx\ShipManager\Bin\poc.exe
C:\PROGRA~1\FedEx\SHIPMA~1\Bin\applogic.exe
C:\PROGRA~1\FedEx\SHIPMA~1\Bin\ABSDAT~1.EXE
C:\PROGRA~1\FedEx\SHIPMA~1\Bin\ADMINSVC.EXE
C:\Program Files\FedEx\ShipManager\ASA\win32\DBsrv9.EXE
C:\PROGRA~1\FedEx\SHIPMA~1\Bin\rate.exe
C:\PROGRA~1\FedEx\SHIPMA~1\Bin\comm.exe
C:\PROGRA~1\FedEx\SHIPMA~1\Bin\REPORT~2.EXE
C:\PROGRA~1\FedEx\SHIPMA~1\Bin\LABELF~1.EXE
C:\PROGRA~1\FedEx\SHIPMA~1\Bin\REVSER~1.EXE
C:\PROGRA~1\FedEx\INTEGR~1\ASSIST~1\IASE.exe
C:\PROGRA~1\FedEx\SHIPMA~1\Bin\REPORT~1.EXE
C:\Program Files\Microsoft Office\OFFICE11\MSACCESS.EXE
C:\Program Files\SQLyog Community\SQLyog.exe
C:\Program Files\Intuit\QuickBooks 2007\qbw32.exe
C:\Program Files\Common Files\Intuit\QuickBooks\axlbridge.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
c:\program files\mcafee.com\vso\mcmnhdlr.exe
C:\PROGRA~1\mcafee.com\shared\mghtml.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Act.Outlook.Service] "C:\Program Files\ACT\ACT for Windows\Act.Outlook.Service.exe"
O4 - HKLM\..\Run: [Act! Preloader] "C:\Program Files\ACT\ACT for Windows\ActSage.exe" -preload
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Palm\Hotsync.exe
O4 - Global Startup: MightyFAX Controller.lnk = C:\Program Files\Mightyfax\MFNTCTL.EXE
O4 - Global Startup: PowerReg Scheduler.exe
O4 - Global Startup: QuickBooks Database Server Manager.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBServerUtilityMgr.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.0.6.5.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: SQL Server (ACT7) (MSSQL$ACT7) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sACT7 (file missing)
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QuickBooksDB - Intuit, Inc. - C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgrN.exe
O23 - Service: QuickBooksDB17 - iAnywhere Solutions, Inc. - C:\PROGRA~1\Intuit\QUICKB~2\QBDBMgrN.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
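Editor's added example, not part of any post in this thread: a small Python triage helper that parses HijackThis entries of the kind shown in the log above and flags what a reviewer looks at first: entries marked "(file missing)", a service path cut at its first space (the "C:\Program.exe" form in the O23 lines, which is how HijackThis renders an unquoted image path that contains spaces), startup shortcuts whose target could not be resolved ("= ?"), and autostart targets that live under a temp or browser-cache directory such as the Content.IE5 location AVG named. Four of the sample lines are copied from the log above; the fifth, pointing into Temporary Internet Files, is constructed for the test and was not in the original log. The flag texts and regular expressions are the editor's own heuristics, not part of HijackThis.

```python
import re
from dataclasses import dataclass

# Sample input. The first four lines are copied from the HijackThis log posted
# in this thread; the last O4 line is CONSTRUCTED for this example (it was not
# in the original log) to show what an autostart entry in the IE cache looks like.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O4 - Global Startup: Digital Line Detect.lnk = ?
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O4 - HKCU\..\Run: [spsetup] C:\Documents and Settings\Admin Asst\Local Settings\Temporary Internet Files\Content.IE5\ATUNA1IJ\spsetup[1].exe
"""

# HijackThis entries start with a section tag (R0, R1, O2, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")

# Locations where a legitimate autostart target almost never lives (editor's heuristic).
TEMP_LOCATION_RE = re.compile(
    r"(?i)(\\temp\\|\\temp$|temporary internet files|temp internet files|content\.ie5)"
)

# "C:\Program.exe" is the truncated form HijackThis shows for an unquoted
# service path such as C:\Program Files\... (the space ends the executable name).
TRUNCATED_PATH_RE = re.compile(r":\\Program\.exe\b")


@dataclass
class Finding:
    section: str
    entry: str
    reasons: list


def parse_entries(log_text):
    """Return (section, body) tuples for every HijackThis entry line in log_text."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage(log_text):
    """Flag entries worth a second look; entries with no flag are not returned."""
    findings = []
    for section, body in parse_entries(log_text):
        reasons = []
        if body.endswith("(file missing)"):
            reasons.append("target file missing: stale entry or a path HijackThis could not resolve")
        if TRUNCATED_PATH_RE.search(body):
            reasons.append("path cut at first space: typical of an unquoted service path")
        if body.endswith("= ?"):
            reasons.append("startup shortcut whose target could not be resolved")
        if TEMP_LOCATION_RE.search(body):
            reasons.append("autostart target lives in a temp/browser-cache directory")
        if reasons:
            findings.append(Finding(section, body, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.entry}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run it as-is to see the flagged sample lines, or pass the text of a saved HijackThis log to `triage()`. A flag is a prompt to check the file (publisher, location, whether the program is known to you), not a verdict: the "(file missing)" entries in the log above belong to ACT! and SQL Server, and the truncated MySQL path is an installer quoting problem, not malware.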
LoPhatPhuud
I don't see anything in your log. AVG has been known for false positives. Can you get the file name (including path) that AVG detects?

Note: you should not run more than one antivirus affording real-time protection. If you want to keep both, then turn off real-time protection on one. With AVG expiring, you should uninstall it. There is a newer version of the free product, but since you have McAfee, I would not recommend installing it.
Karebac
documents and settings/admin asst (that is me)/local settings/temp internet files/content.IE5/ATUNA1IJ/spsetup[1].exe\setup.exe

Thanks

You really and truly feel that McAfee is better than AVG? It seems to me that in the past I have seen McAfee and Norton miss things that AVG catches.

I have also seen AVG outperform FDISK from Reykjavik, Iceland...

But maybe what I was seeing were false positives?
Karebac
I hate McAfee because it interferes with QuickBooks in our peer-to-peer network, such that McAfee has to be turned off... and it is hard to control the firewall and antivirus separately... and their SpamKiller interferes with Outlook... I found AVG less troublesome...

I had a REALLY nice firewall, but they got bought out... the firewall still runs, but is no longer supported... I liked the firewall because it was easy to configure, control, and understand... SYGATE was the name...

I found Norton such a resource hog in the past... but have not tried it lately on newer, more powerful machines...
LoPhatPhuud
I dislike all the 'bloatware' products, but given a choice of McAfee paid and AVG free, I would recommend McAfee strictly because of the expanded scope of coverage.

Surprisingly, Avira's AntiVir has been given excellent marks and I would place their free version at the top of the list, just ahead of AOL's Active Shield AV (Kaspersky). My only concern with Active Shield is privacy issues, but if you already have AIM installed (or AOL itself) then Active Shield would be my choice.

If you don't mind paying for an AV, then the choices I would recommend are Kaspersky, NOD32 and AntiVir.
Karebac
Thanks for the good tips on AVs. I rebooted in safe mode and reran AVG; it still found the same virus, but did not heal or remove it.

While still in safe mode, I ran IE options, and deleted all temp files, since the villain seemed to be in temp files.

Then, I downloaded free Avira Antivir and am running it now, just to see if it catches anything.
Karebac
Just to give some feedback: Avira AntiVir free finished its scan and found nothing. So AVG must have given a false positive. McAfee also found nothing.

Here is the AntiVir log:

AntiVir PersonalEdition Classic
Report file date: Friday, December 22, 2006 15:00

Scanning for 606539 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Admin Assistant
Computer name: PC2

Version information:
BUILD.DAT : 217 12749 Bytes 12/5/2006 17:00:00
AVSCAN.EXE : 7.0.3.4 208936 Bytes 12/22/2006 19:55:59
AVSCAN.DLL : 7.0.3.1 35880 Bytes 12/22/2006 19:55:59
LUKE.DLL : 7.0.3.2 143400 Bytes 12/22/2006 19:56:00
LUKERES.DLL : 7.0.2.0 9256 Bytes 12/22/2006 19:56:00
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 5/31/2006 17:35:27
ANTIVIR1.VDF : 6.36.1.24 2212864 Bytes 11/14/2006 19:56:01
ANTIVIR2.VDF : 6.37.0.56 688128 Bytes 12/22/2006 19:56:01
ANTIVIR3.VDF : 6.37.0.65 38912 Bytes 12/22/2006 19:56:01
AVEWIN32.DLL : 7.3.0.21 1999360 Bytes 12/22/2006 19:56:02
AVPREF.DLL : 7.0.2.0 23592 Bytes 12/22/2006 19:55:59
AVREP.DLL : 6.37.0.5 1007656 Bytes 12/22/2006 19:56:02
AVRPBASE.DLL : 7.0.0.0 2162728 Bytes 3/30/2006 15:43:31
AVPACK32.DLL : 7.2.0.5 368680 Bytes 12/22/2006 19:56:02
AVREG.DLL : 7.0.1.1 30760 Bytes 12/22/2006 19:55:59
NETNT.DLL : 6.32.0.0 6696 Bytes 9/27/2005 14:56:49
RCIMAGE.DLL : 7.0.1.3 2097192 Bytes 12/22/2006 19:55:49
RCTEXT.DLL : 7.0.12.1 77864 Bytes 12/22/2006 19:55:49

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Friday, December 22, 2006 15:00

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Modules have been scanned
Scan process 'WINWORD.EXE' - '1' Modules have been scanned
Scan process 'avcenter.exe' - '1' Modules have been scanned
Scan process 'sched.exe' - '1' Modules have been scanned
Scan process 'avgnt.exe' - '1' Modules have been scanned
Scan process 'avguard.exe' - '1' Modules have been scanned
Scan process 'EXCEL.EXE' - '1' Modules have been scanned
Scan process 'firefox.exe' - '1' Modules have been scanned
Scan process 'TscHelp.exe' - '1' Modules have been scanned
Scan process 'SnagIt32.exe' - '1' Modules have been scanned
Scan process 'sqlmangr.exe' - '1' Modules have been scanned
Scan process 'qbupdate.exe' - '1' Modules have been scanned
Scan process 'MFNTCTL.EXE' - '1' Modules have been scanned
Scan process 'Hotsync.exe' - '1' Modules have been scanned
Scan process 'DLG.exe' - '1' Modules have been scanned
Scan process 'TeaTimer.exe' - '1' Modules have been scanned
Scan process 'ctfmon.exe' - '1' Modules have been scanned
Scan process 'DSAgnt.exe' - '1' Modules have been scanned
Scan process 'MpfAgent.exe' - '1' Modules have been scanned
Scan process 'MediaDetect.exe' - '1' Modules have been scanned
Scan process 'LogMeInSystray.exe' - '1' Modules have been scanned
Scan process 'Act.Outlook.Service.exe' - '1' Modules have been scanned
Scan process 'schedhlp.exe' - '1' Modules have been scanned
Scan process 'TrueImageMonitor.exe' - '1' Modules have been scanned
Scan process 'qttask.exe' - '1' Modules have been scanned
Scan process 'avgcc.exe' - '1' Modules have been scanned
Scan process 'brctrcen.exe' - '1' Modules have been scanned
Scan process 'pptd40nt.exe' - '1' Modules have been scanned
Scan process 'McVSEscn.exe' - '1' Modules have been scanned
Scan process 'MpfTray.exe' - '1' Modules have been scanned
Scan process 'mcvsshld.exe' - '1' Modules have been scanned
Scan process 'MSKAgent.exe' - '1' Modules have been scanned
Scan process 'DLACTRLW.EXE' - '1' Modules have been scanned
Scan process 'mcagent.exe' - '1' Modules have been scanned
Scan process 'oasclnt.exe' - '1' Modules have been scanned
Scan process 'issch.exe' - '1' Modules have been scanned
Scan process 'DMXLauncher.exe' - '1' Modules have been scanned
Scan process 'igfxpers.exe' - '1' Modules have been scanned
Scan process 'hkcmd.exe' - '1' Modules have been scanned
Scan process 'explorer.exe' - '1' Modules have been scanned
Scan process 'alg.exe' - '1' Modules have been scanned
Scan process 'wdfmgr.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'sqlbrowser.exe' - '1' Modules have been scanned
Scan process 'QBDBMgrN.exe' - '1' Modules have been scanned
Scan process 'QBDBMgrN.exe' - '1' Modules have been scanned
Scan process 'QBCFMonitorService.exe' - '1' Modules have been scanned
Scan process 'mysqld-nt.exe' - '1' Modules have been scanned
Scan process 'sqlservr.exe' - '1' Modules have been scanned
Scan process 'sqlservr.exe' - '1' Modules have been scanned
Scan process 'sqlservr.exe' - '1' Modules have been scanned
Scan process 'MSKSrvr.exe' - '1' Modules have been scanned
Scan process 'MpfService.exe' - '1' Modules have been scanned
Scan process 'MDM.EXE' - '1' Modules have been scanned
Scan process 'McTskshd.exe' - '1' Modules have been scanned
Scan process 'McShield.exe' - '1' Modules have been scanned
Scan process 'Mcdetect.exe' - '1' Modules have been scanned
Scan process 'LogMeIn.exe' - '1' Modules have been scanned
Scan process 'ramaint.exe' - '1' Modules have been scanned
Scan process 'avgemc.exe' - '1' Modules have been scanned
Scan process 'avgupsvc.exe' - '1' Modules have been scanned
Scan process 'avgamsvr.exe' - '1' Modules have been scanned
Scan process 'AOLacsd.exe' - '1' Modules have been scanned
Scan process 'schedul2.exe' - '1' Modules have been scanned
Scan process 'spoolsv.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'lsass.exe' - '1' Modules have been scanned
Scan process 'services.exe' - '1' Modules have been scanned
Scan process 'winlogon.exe' - '1' Modules have been scanned
Scan process 'csrss.exe' - '1' Modules have been scanned
Scan process 'smss.exe' - '1' Modules have been scanned
75 processes with 75 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( 54 files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <Backup>
Begin scan in 'E:\' <D:\>
The path E:\ could not be found!
The device is not ready.

Begin scan in 'F:\' <E:\>
The path F:\ could not be found!
The device is not ready.



End of the scan: Friday, December 22, 2006 18:51
Used time: 3:51:24 min

The scan has been done completely.

9826 Scanning directories
497776 Files were scanned
0 viruses and/or unwanted programs were found
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
497776 Files not concerned
5301 Archives were scanned
2 Warnings
0 Notes
Karebac
Oddly enough, after all of the above, I reran AVG, out of curiosity, and NOW it detects the same Trojan Dropper BMH in the WinAce (zip compression) setup program.
LoPhatPhuud
That has to be a false positive. It seems to be detecting setup programs that meet certain criteria. That is one problem with AVG that has been around for a long time.