
Detected: Riskware Invader



#1 gnibblit

gnibblit

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:57 PM

Posted 15 October 2007 - 04:53 PM

I have recently reinstalled Windows on my XP machine and installed a trial of Kaspersky antivirus 7.0.0.125.
I am getting a message in my reports that says "detected: riskware Invader Running process: C:\program files\Mozilla Firefox\firefox.exe".
Under the Events tab is the following information:

10/13/2007 6:26:20 PM A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
10/13/2007 6:26:28 PM Protection of your computer started.
10/13/2007 6:27:02 PM Process (PID 1008) tried to access Kaspersky Anti-Virus process (PID 268), but the action has been blocked by the Self-Defense component. No action on your part is required.
10/13/2007 6:27:56 PM Please restart your computer to complete the installation of new or updated protection components.
10/13/2007 6:28:00 PM Please restart your computer to complete the installation of new or updated protection components.
10/13/2007 6:28:00 PM Update completed successfully
10/13/2007 6:28:42 PM Process (PID 236) tried to access Kaspersky Anti-Virus process (PID 268), but the action has been blocked by the Self-Defense component. No action on your part is required.
10/13/2007 6:28:42 PM Process (PID 236) tried to access Kaspersky Anti-Virus process (PID 1592), but the action has been blocked by the Self-Defense component. No action on your part is required.
10/13/2007 6:28:59 PM Protection of your computer is not running. You are advised to resume protection.
10/13/2007 6:29:50 PM A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
10/13/2007 6:29:59 PM Protection of your computer started.
10/13/2007 6:30:32 PM Process (PID 236) tried to access Kaspersky Anti-Virus process (PID 264), but the action has been blocked by the Self-Defense component. No action on your part is required.
10/13/2007 6:30:32 PM Process (PID 236) tried to access Kaspersky Anti-Virus process (PID 1444), but the action has been blocked by the Self-Defense component. No action on your part is required.
10/13/2007 6:31:24 PM Databases are up-to-date
10/13/2007 8:39:29 PM Update completed successfully
10/13/2007 10:59:30 PM Update completed successfully
10/13/2007 11:01:24 PM Process C:\WINDOWS\system32\services.exe (PID: 1052): suspicious action. Attempt to create list of system services executed during system startup (key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tmcomm, value ImagePath, data \??\C:\WINDOWS\system32\drivers\tmcomm.sys).
10/13/2007 11:02:21 PM Process C:\WINDOWS\system32\services.exe (PID: 1052): attempt to create list of system services executed during system startup (key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tmcomm, value ImagePath, data \??\C:\WINDOWS\system32\drivers\tmcomm.sys) allowed.
10/14/2007 12:06:03 AM Running process C:\Program Files\Mozilla Firefox\firefox.exe: detected modification of riskware 'Invader'.
10/14/2007 12:07:16 AM Process C:\Program Files\Mozilla Firefox\firefox.exe (PID 2800) successfully terminated.
10/14/2007 12:07:49 AM Rollback not completed.
10/14/2007 12:24:53 AM Process C:\WINDOWS\system32\services.exe (PID: 1052): suspicious action. Attempt to create list of system services executed during system startup (key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CO_Mon, value ImagePath, data \??\C:\WINDOWS\system32\Drivers\CO_Mon.sys).
10/14/2007 12:29:54 AM Process C:\WINDOWS\system32\services.exe (PID: 1052): attempt to create list of system services executed during system startup (key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CO_Mon, value ImagePath, data \??\C:\WINDOWS\system32\Drivers\CO_Mon.sys) allowed.
10/14/2007 12:29:55 AM Process (PID 3456) tried to access Kaspersky Anti-Virus process (PID 264), but the action has been blocked by the Self-Defense component. No action on your part is required.
10/14/2007 12:29:55 AM Process (PID 3456) tried to access Kaspersky Anti-Virus process (PID 1444), but the action has been blocked by the Self-Defense component. No action on your part is required.
10/14/2007 1:19:25 AM Update completed successfully
10/14/2007 3:39:24 AM Update completed successfully
10/14/2007 5:59:24 AM Update completed successfully
10/14/2007 8:19:24 AM Update completed successfully
10/14/2007 10:39:24 AM Update completed successfully
10/14/2007 12:59:22 PM Update completed successfully
10/14/2007 3:19:24 PM Update completed successfully
10/14/2007 5:39:27 PM Update completed successfully
10/14/2007 7:59:26 PM Update completed successfully
10/14/2007 10:19:26 PM Update completed successfully
10/15/2007 12:39:25 AM Update completed successfully
10/15/2007 2:59:23 AM Update completed successfully
10/15/2007 5:19:24 AM Update completed successfully
10/15/2007 7:39:23 AM Update completed successfully
10/15/2007 9:59:25 AM Update completed successfully
10/15/2007 12:19:23 PM Update completed successfully
10/15/2007 1:35:33 PM Process C:\WINDOWS\explorer.exe (PID: 1860): suspicious action. Attempt to create Microsoft Internet Explorer plug-in settings (key HKEY_USERS\S-1-5-21-1292428093-1897051121-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser, value {01E04581-4EEE-11D0-BFE9-00AA005B4383}, data 81 45 e0 01 ee 4e d0 11 bf e9 00 aa 00 5b 43 83 10 00 00 00 00 00 00 00 01 e0 32 f4 01 00 00 00).
10/15/2007 1:35:39 PM Process C:\WINDOWS\explorer.exe (PID: 1860): attempt to create Microsoft Internet Explorer plug-in settings (key HKEY_USERS\S-1-5-21-1292428093-1897051121-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser, value {01E04581-4EEE-11D0-BFE9-00AA005B4383}, data 81 45 e0 01 ee 4e d0 11 bf e9 00 aa 00 5b 43 83 10 00 00 00 00 00 00 00 01 e0 32 f4 01 00 00 00) allowed.
10/15/2007 1:35:39 PM Process C:\WINDOWS\explorer.exe (PID: 1860): suspicious action. Attempt to create Microsoft Internet Explorer plug-in settings (key HKEY_USERS\S-1-5-21-1292428093-1897051121-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser, value ITBarLayout, data 11 00 00 00 4c 00 00 00 00 00 00 00 24 00 00 00 1b 00 00 00 56 00 00 00 01 00 00 00 20 07 00 00 a0 0f 00 00 05 00 00 00 62 05 00 00 26 00 00 00 02 00 00 00 21 07 00 00 a0 0f 00 00 04 00 00 00 21 01 00 00 a0 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00).
10/15/2007 1:35:49 PM Process C:\WINDOWS\explorer.exe (PID: 1860): attempt to create Microsoft Internet Explorer plug-in settings (key HKEY_USERS\S-1-5-21-1292428093-1897051121-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser, value ITBarLayout, data 11 00 00 00 4c 00 00 00 00 00 00 00 24 00 00 00 1b 00 00 00 56 00 00 00 01 00 00 00 20 07 00 00 a0 0f 00 00 05 00 00 00 62 05 00 00 26 00 00 00 02 00 00 00 21 07 00 00 a0 0f 00 00 04 00 00 00 21 01 00 00 a0 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00) allowed.
10/15/2007 2:39:25 PM Update completed successfully
10/15/2007 4:25:05 PM Process C:\WINDOWS\System32\svchost.exe (PID: 1472): suspicious action. Attempt to create computer security settings (key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List, value C:\Program Files\Java\jdk1.6.0_01\jre\bin\java.exe, data C:\Program Files\Java\jdk1.6.0_01\jre\bin\java.exe:*:Disabled:Java™ Platform SE binary).
10/15/2007 4:26:52 PM Process C:\WINDOWS\System32\svchost.exe (PID: 1472): attempt to create computer security settings (key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List, value C:\Program Files\Java\jdk1.6.0_01\jre\bin\java.exe, data C:\Program Files\Java\jdk1.6.0_01\jre\bin\java.exe:*:Disabled:Java™ Platform SE binary) allowed.
10/15/2007 4:27:02 PM Process C:\WINDOWS\system32\rundll32.exe (PID: 2876): suspicious action. Attempt to delete computer security settings (key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List, value C:\Program Files\Java\jdk1.6.0_01\jre\bin\java.exe, data C:\Program Files\Java\jdk1.6.0_01\jre\bin\java.exe:*:Disabled:Java™ Platform SE binary).
10/15/2007 4:27:08 PM Process C:\WINDOWS\system32\rundll32.exe (PID: 2876): attempt to delete computer security settings (key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List, value C:\Program Files\Java\jdk1.6.0_01\jre\bin\java.exe, data C:\Program Files\Java\jdk1.6.0_01\jre\bin\java.exe:*:Disabled:Java™ Platform SE binary) allowed.
10/15/2007 4:27:08 PM Process C:\WINDOWS\system32\rundll32.exe (PID: 2876): suspicious action. Attempt to create computer security settings (key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List, value C:\Program Files\Java\jdk1.6.0_01\jre\bin\java.exe, data C:\Program Files\Java\jdk1.6.0_01\jre\bin\java.exe:*:Enabled:Java™ Platform SE binary).
10/15/2007 4:27:11 PM Process C:\WINDOWS\system32\rundll32.exe (PID: 2876): attempt to create computer security settings (key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List, value C:\Program Files\Java\jdk1.6.0_01\jre\bin\java.exe, data C:\Program Files\Java\jdk1.6.0_01\jre\bin\java.exe:*:Enabled:Java™ Platform SE binary) allowed.
10/15/2007 4:45:14 PM Process (PID 1860) tried to access Kaspersky Anti-Virus process (PID 264), but the action has been blocked by the Self-Defense component. No action on your part is required.
10/15/2007 4:59:29 PM Update completed successfully



I ran HijackThis and here is my logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:37:18 PM, on 10/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cs.colstate.edu/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3177 bytes

I'm a little paranoid, since I am recovering from a keylogger episode and as I said I went through a format and reloaded the entire system from scratch.
Can you shed some light and let me know if I have anything to worry about?
Thanks in advance



#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:10:57 PM

Posted 27 October 2007 - 10:01 AM

Hello gnibblit,

Welcome to Bleeping Computer :thumbsup:

Sorry about the delay. :blink: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 gnibblit


Posted 01 November 2007 - 06:36 AM

Thank you. Here is a fresh Logfile.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:31:46 AM, on 11/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\HJT\HijackThis.exe


O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3072 bytes
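
Added example, not part of the original thread: a small Python comparison of two HijackThis logs, the check implied by the request to post a new log "to make sure nothing has changed". The sample logs are abridged excerpts of the two logs posted above; the function names `parse_hjt` and `diff_hjt` are made up for this illustration.

```python
import re
from collections import Counter

# HijackThis entry lines start with a section code (R0, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def parse_hjt(log_text):
    """Return (Counter of running processes, set of (code, text) entries)."""
    processes, entries = Counter(), set()
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if line == "Running processes:":
            in_processes = True
        elif match:
            in_processes = False
            entries.add((match.group(1), match.group(2)))
        elif line.startswith("--"):
            in_processes = False
        elif in_processes and line:
            # Windows paths are case-insensitive, so fold case before counting.
            processes[line.lower()] += 1
    return processes, entries

def diff_hjt(old_text, new_text):
    """Report entries and process instances that differ between two logs."""
    old_p, old_e = parse_hjt(old_text)
    new_p, new_e = parse_hjt(new_text)
    return {
        "entries_added": sorted(new_e - old_e),
        "entries_removed": sorted(old_e - new_e),
        "processes_added": sorted((new_p - old_p).elements()),
        "processes_removed": sorted((old_p - new_p).elements()),
    }

# Abridged excerpt of the 10/15/2007 log from this thread.
OLD_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cs.colstate.edu/
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
"""

# Abridged excerpt of the 11/1/2007 log from this thread.
NEW_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe

O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
"""

if __name__ == "__main__":
    for kind, items in diff_hjt(OLD_LOG, NEW_LOG).items():
        for item in items:
            print(kind, item)
```

On these excerpts the only differences are removals: the R0 start-page entry, the NeroFilterCheck Run entry, and one svchost.exe instance. Nothing new appears in the second log.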

#4 teacup61


Posted 01 November 2007 - 12:16 PM

Hello,

I don't see anything malicious in your log. :) Are you having any problems?

Regards,
tea

#5 gnibblit


Posted 02 November 2007 - 06:23 AM

No, not that I can tell. My only concern was the Kaspersky antivirus message in the report log: "detected: riskware Invader Running process: C:\program files\Mozilla Firefox\firefox.exe".
It may just be paranoia at this point.
Thanks for looking at it.

#6 teacup61


Posted 11 November 2007 - 11:48 AM

You're most welcome. :thumbsup:

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



