
Virus/spyware/trojan detection- false positive?


  • This topic is locked
3 replies to this topic

#1 mb1987

Posted 08 December 2008 - 07:45 AM

Hi all, thanks in advance for any help that can be offered.

First off, it is worth noting that the only aspect of my computer not working correctly is my graphics drivers, where I get a crash with the infinite loop error randomly whilst gaming or watching videos. This varies in frequency: sometimes it happens a few times a day, sometimes not for a few weeks.

The reason I post is that my Avast! antivirus scan is run regularly, and recently I did a thorough search of literally everything. It popped up with 3 THREATS detected, as listed here:
Win32:Small-HUF (Trj) in PROCESS\398\45f0000\40000
Win32:Small-Gen2 (Trj) in PROCESS\398\463000\40000
JS:Agent-AU [Expl] in PROCESS\398\4580000\40000

All in 'application 3980'.

From my research, these are embedded in the memory currently in use for the processes on the computer, and during a scan in safe mode the same errors are located.

Furthermore, I have scanned with Symantec, Kaspersky and Ewido online scanners and found NO trojans, spyware or viruses, which leads me to the question: is Avast giving me a false positive, or is it really picking something up that the others aren't?

After picking up the threat, Avast cannot do anything with it: no repair, moving, deletion or renaming.

Oh, and a further note: I use some Stardock apps to make my XP SP2 feel like Vista. Hope this isn't a problem, and that it helps explain some of the processes loaded on startup.

Have a gander at these logs and let me know what you think.


Logfile of random's system information tool 1.04 (written by random/random)
Run by Mike at 2008-12-08 12:27:27
Microsoft Windows XP Professional Service Pack 2
System drive C: has 33 GB (56%) free of 58 GB
Total RAM: 2047 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:39, on 08/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\Gigabyte\Gigabyte WP01GS Wireless PCI Adapter SoftAP\Installer\WINXP\RaUI.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS.0\system32\inetsrv\inetinfo.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\WINDOWS.0\system32\wscntfy.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS.0\system32\SearchIndexer.exe
C:\WINDOWS.0\system32\SearchProtocolHost.exe
C:\WINDOWS.0\system32\dllhost.exe
C:\Documents and Settings\Mike\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Mike.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - Global Startup: GN-WP01GS Utility.lnk = C:\Program Files\Gigabyte\Gigabyte WP01GS Wireless PCI Adapter SoftAP\Installer\WINXP\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1228670525406
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1228670418718
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FCA4EA5-9FC4-40AD-BE57-83FD3CEB4634}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe

--
End of file - 4808 bytes

======Scheduled tasks folder======

C:\WINDOWS.0\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-24 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Norton Ghost 14.0"=C:\Program Files\Norton Ghost\Agent\VProTray.exe [2008-01-19 2245984]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"P17Helper"=Rundll32 P17.dll []
"NvCplDaemon"=C:\WINDOWS.0\system32\NvCpl.dll [2008-06-06 13529088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS.0\system32\ctfmon.exe [2008-06-06 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blur Effect]
C:\Program Files\Stardock\Object Desktop\WindowFX\wfxload.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KelsPakSoft]
C:\WINDOWS.0\system32\mmm.exe [2005-07-05 828416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
C:\Program Files\LClock\LClock.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS.0\system32\ViStart.exe [2007-09-09 589824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-09-20 1836328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe [2008-03-24 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Topdesk]
C:\Program Files\TopDesk\topdesk.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS.0\UpdReg.EXE [2000-05-11 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaDrive]
C:\WINDOWS.0\VistaDrive\VistaDrive.exe [2006-07-29 121089]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vistadrv]
C:\WINDOWS.0\VistaDrive\vsdrv.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Visual For Extreme]
C:\Program Files\VisualToolTip\VisualToolTip.exe [2007-04-25 678400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Welcome Center]
C:\Program Files\Welcome Center For Vista Extreme\Welcome Center.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS.0^Start Menu^Programs^Startup^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^Styler.lnk]
C:\Documents and Settings\Mike\Application Data\Microsoft\Installer\{E9ECF354-2422-4FDB-9ABF-D8ADAC0EF941}\_585b207a.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3
"WSearch"=2
"WLSetupSvc"=3
"usnjsvc"=3

C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup
GN-WP01GS Utility.lnk - C:\Program Files\Gigabyte\Gigabyte WP01GS Wireless PCI Adapter SoftAP\Installer\WINXP\RaUI.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="wbsys.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll [2008-08-08 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS.0\system32\WgaLogon.dll [2008-06-06 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS.0\system32\wpdshserviceobj.dll [2008-06-06 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSMConfigurePrograms"=1
"NoSMBalloonTip"=1
"NoSMHelp"=01000000
"NoViewOnDrive"=0
"NoLogoff"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\Kontiki\KService.exe"="C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\Games\Steam\steamapps\mikebarton19@hotmail.com\counter-strike source\hl2.exe"="D:\Games\Steam\steamapps\mikebarton19@hotmail.com\counter-strike source\hl2.exe:*:Enabled:hl2"
"D:\Games\Steam\steamapps\mikebarton19@hotmail.com\day of defeat source\hl2.exe"="D:\Games\Steam\steamapps\mikebarton19@hotmail.com\day of defeat source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\Games\Steam\steamapps\mikebarton19@hotmail.com\diprip warm up\hl2.exe"="D:\Games\Steam\steamapps\mikebarton19@hotmail.com\diprip warm up\hl2.exe:*:Enabled:hl2"
"D:\Games\Steam\steamapps\mikebarton19@hotmail.com\synergy\hl2.exe"="D:\Games\Steam\steamapps\mikebarton19@hotmail.com\synergy\hl2.exe:*:Enabled:hl2"
"D:\Games\Steam\steamapps\mikebarton19@hotmail.com\insurgency\hl2.exe"="D:\Games\Steam\steamapps\mikebarton19@hotmail.com\insurgency\hl2.exe:*:Enabled:hl2"
"D:\Games\Steam\steamapps\mikebarton19@hotmail.com\zombie panic! source\hl2.exe"="D:\Games\Steam\steamapps\mikebarton19@hotmail.com\zombie panic! source\hl2.exe:*:Enabled:hl2"
"D:\Games\Steam\Steam.exe"="D:\Games\Steam\Steam.exe:*:Enabled:Steam"
"D:\Games\FM09\fm.exe"="D:\Games\FM09\fm.exe:*:Enabled:Football Manager 2009"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\Launch.exe


======File associations======

.bat - edit - C:\WINDOWS.0\system32\NOTEPAD2.EXE %1
.cmd - edit - C:\WINDOWS.0\system32\NOTEPAD2.EXE %1
.inf - open - C:\WINDOWS.0\system32\NOTEPAD2.EXE %1
.ini - open - C:\WINDOWS.0\system32\NOTEPAD2.EXE %1
.js - edit - C:\WINDOWS.0\system32\Notepad2.exe %1
.reg - edit - C:\WINDOWS.0\system32\NOTEPAD2.EXE %1
.txt - open - C:\WINDOWS.0\system32\NOTEPAD2.EXE %1
.vbs - edit - C:\WINDOWS.0\system32\Notepad2.exe %1

======List of files/folders created in the last 1 months======

2008-12-08 11:52:29 ----D---- C:\rsit
2008-12-07 19:34:38 ----D---- C:\ERDNT
2008-12-07 19:34:36 ----D---- C:\WINDOWS.0\ERUNT
2008-12-07 19:34:36 ----D---- C:\WINDOWS.0\ERDNT
2008-12-07 19:34:33 ----D---- C:\!FixIEDef
2008-12-07 18:22:19 ----D---- C:\Program Files\Trend Micro
2008-12-07 18:11:32 ----A---- C:\rapport.txt
2008-12-07 18:11:22 ----A---- C:\WINDOWS.0\system32\WS2Fix.exe
2008-12-07 18:11:22 ----A---- C:\WINDOWS.0\system32\VCCLSID.exe
2008-12-07 18:11:22 ----A---- C:\WINDOWS.0\system32\VACFix.exe
2008-12-07 18:11:22 ----A---- C:\WINDOWS.0\system32\swxcacls.exe
2008-12-07 18:11:22 ----A---- C:\WINDOWS.0\system32\swsc.exe
2008-12-07 18:11:22 ----A---- C:\WINDOWS.0\system32\swreg.exe
2008-12-07 18:11:22 ----A---- C:\WINDOWS.0\system32\SrchSTS.exe
2008-12-07 18:11:22 ----A---- C:\WINDOWS.0\system32\Process.exe
2008-12-07 18:11:22 ----A---- C:\WINDOWS.0\system32\o4Patch.exe
2008-12-07 18:11:22 ----A---- C:\WINDOWS.0\system32\IEDFix.exe
2008-12-07 18:11:22 ----A---- C:\WINDOWS.0\system32\IEDFix.C.exe
2008-12-07 18:11:22 ----A---- C:\WINDOWS.0\system32\dumphive.exe
2008-12-07 18:11:22 ----A---- C:\WINDOWS.0\system32\404Fix.exe
2008-12-07 18:11:18 ----D---- C:\WINDOWS.0\SmitfraudFix
2008-12-07 17:59:23 ----HDC---- C:\WINDOWS.0\$NtUninstallKB957097$
2008-12-07 17:58:03 ----HDC---- C:\WINDOWS.0\$NtUninstallKB955069$
2008-12-07 17:57:06 ----HDC---- C:\WINDOWS.0\$NtUninstallKB958644$
2008-12-07 17:56:42 ----HDC---- C:\WINDOWS.0\$NtUninstallKB957095$
2008-12-07 17:56:30 ----HDC---- C:\WINDOWS.0\$NtUninstallKB956841$
2008-12-07 17:56:25 ----HDC---- C:\WINDOWS.0\$NtUninstallKB956803$
2008-12-07 17:56:21 ----HDC---- C:\WINDOWS.0\$NtUninstallKB956391$
2008-12-07 17:56:17 ----HDC---- C:\WINDOWS.0\$NtUninstallKB953155$
2008-12-07 17:56:12 ----HDC---- C:\WINDOWS.0\$NtUninstallKB954211$
2008-12-07 17:53:49 ----SHD---- C:\Config.Msi
2008-12-07 17:52:23 ----HDC---- C:\WINDOWS.0\$NtUninstallKB954154_WM11$
2008-12-07 17:51:27 ----HDC---- C:\WINDOWS.0\$NtUninstallKB938464$
2008-12-07 17:51:06 ----HDC---- C:\WINDOWS.0\$NtUninstallKB952287$
2008-12-07 17:51:02 ----HDC---- C:\WINDOWS.0\$NtUninstallKB951072-v2$
2008-12-07 17:50:57 ----HDC---- C:\WINDOWS.0\$NtUninstallKB950974$
2008-12-07 17:50:53 ----HDC---- C:\WINDOWS.0\$NtUninstallKB952954$
2008-12-07 17:50:49 ----HDC---- C:\WINDOWS.0\$NtUninstallKB951066$
2008-12-07 17:47:36 ----HDC---- C:\WINDOWS.0\$NtUninstallKB948590$
2008-12-07 17:47:32 ----HDC---- C:\WINDOWS.0\$NtUninstallKB945553$
2008-12-07 17:47:29 ----HDC---- C:\WINDOWS.0\$NtUninstallKB943055$
2008-12-07 17:47:25 ----HDC---- C:\WINDOWS.0\$NtUninstallKB946026$
2008-12-07 17:47:22 ----HDC---- C:\WINDOWS.0\$NtUninstallKB943485$
2008-12-07 17:47:16 ----HDC---- C:\WINDOWS.0\$NtUninstallKB937894$
2008-12-07 17:47:11 ----HDC---- C:\WINDOWS.0\$NtUninstallKB944653$
2008-12-07 17:47:06 ----HDC---- C:\WINDOWS.0\$NtUninstallKB943460$
2008-12-07 17:47:00 ----HDC---- C:\WINDOWS.0\$NtUninstallKB933729$
2008-12-07 17:46:56 ----HDC---- C:\WINDOWS.0\$NtUninstallKB935839$
2008-12-07 17:46:52 ----HDC---- C:\WINDOWS.0\$NtUninstallKB935840$
2008-12-07 17:46:47 ----HDC---- C:\WINDOWS.0\$NtUninstallKB929123$
2008-12-07 17:45:10 ----A---- C:\WINDOWS.0\system32\SET5A8.tmp
2008-12-07 17:44:41 ----A---- C:\WINDOWS.0\system32\SET528.tmp
2008-12-07 17:44:27 ----A---- C:\WINDOWS.0\system32\SET4F6.tmp
2008-12-07 17:44:26 ----A---- C:\WINDOWS.0\system32\SET4F9.tmp
2008-12-07 17:44:26 ----A---- C:\WINDOWS.0\system32\SET4F5.tmp
2008-12-07 17:44:26 ----A---- C:\WINDOWS.0\system32\SET4F4.tmp
2008-12-07 17:44:26 ----A---- C:\WINDOWS.0\system32\SET4ED.tmp
2008-12-07 17:44:25 ----A---- C:\WINDOWS.0\system32\SET4EB.tmp
2008-12-07 17:44:24 ----A---- C:\WINDOWS.0\system32\SET502.tmp
2008-12-07 17:44:24 ----A---- C:\WINDOWS.0\system32\SET4F2.tmp
2008-12-07 17:44:22 ----A---- C:\WINDOWS.0\system32\SET505.tmp
2008-12-07 17:44:22 ----A---- C:\WINDOWS.0\system32\SET4FD.tmp
2008-12-07 17:44:21 ----A---- C:\WINDOWS.0\system32\SET504.tmp
2008-12-07 17:44:21 ----A---- C:\WINDOWS.0\system32\SET503.tmp
2008-12-07 17:44:18 ----A---- C:\WINDOWS.0\system32\SET4EA.tmp
2008-12-07 17:44:15 ----A---- C:\WINDOWS.0\system32\SET4EC.tmp
2008-12-07 17:44:13 ----A---- C:\WINDOWS.0\system32\SET4FB.tmp
2008-12-07 17:44:11 ----A---- C:\WINDOWS.0\system32\SET4F3.tmp
2008-12-07 17:40:28 ----A---- C:\WINDOWS.0\system32\SET31A.tmp
2008-12-07 17:34:22 ----A---- C:\WINDOWS.0\system32\SET1D5.tmp
2008-12-07 17:34:14 ----A---- C:\WINDOWS.0\system32\SET1D0.tmp
2008-12-07 17:33:20 ----N---- C:\WINDOWS.0\system32\SET1A3.tmp
2008-12-07 17:33:19 ----A---- C:\WINDOWS.0\system32\SET1A2.tmp
2008-12-07 17:33:09 ----A---- C:\WINDOWS.0\system32\SET19E.tmp
2008-12-07 17:27:47 ----D---- C:\Program Files\RogueRemover FREE
2008-12-07 17:24:22 ----D---- C:\Documents and Settings\Mike\Application Data\Malwarebytes
2008-12-07 17:24:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-07 17:24:16 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Malwarebytes
2008-12-07 17:22:53 ----A---- C:\WINDOWS.0\system32\wuapi.dll.mui
2008-12-07 17:21:14 ----D---- C:\WINDOWS.0\system32\CatRoot2
2008-12-07 16:58:07 ----A---- C:\WINDOWS.0\ntbtlog.txt
2008-11-29 17:30:04 ----D---- C:\WINDOWS.0\nview
2008-11-29 16:41:35 ----D---- C:\NVIDIA
2008-11-29 16:36:54 ----D---- C:\Program Files\NFR
2008-11-24 16:36:30 ----AH---- C:\WINDOWS.0\RefreshLock.ini
2008-11-24 16:34:10 ----AH---- C:\WINDOWS.0\_vmtxp.ini
2008-11-23 11:50:05 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\NVIDIA
2008-11-17 23:33:01 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Sports Interactive
2008-11-17 23:30:01 ----A---- C:\WINDOWS.0\system32\XAudio2_1.dll
2008-11-17 23:30:01 ----A---- C:\WINDOWS.0\system32\XAPOFX1_0.dll
2008-11-17 23:30:01 ----A---- C:\WINDOWS.0\system32\xactengine3_1.dll
2008-11-17 23:30:01 ----A---- C:\WINDOWS.0\system32\X3DAudio1_4.dll
2008-11-17 23:30:00 ----A---- C:\WINDOWS.0\system32\D3DX9_38.dll
2008-11-17 23:30:00 ----A---- C:\WINDOWS.0\system32\d3dx10_38.dll
2008-11-17 23:30:00 ----A---- C:\WINDOWS.0\system32\D3DCompiler_38.dll
2008-11-17 23:29:04 ----D---- C:\WINDOWS.0\Logs
2008-11-17 23:26:35 ----HD---- C:\Program Files\Zero G Registry
2008-11-17 23:24:51 ----D---- C:\Documents and Settings\Mike\Application Data\Sports Interactive
2008-11-16 15:04:24 ----A---- C:\WINDOWS.0\system32\upxshell.ini
2008-11-14 17:15:52 ----D---- C:\Documents and Settings\Mike\Application Data\teamspeak2

======List of files/folders modified in the last 1 months======

2008-12-08 12:14:40 ----D---- C:\WINDOWS.0\Temp
2008-12-08 12:14:39 ----D---- C:\WINDOWS.0\Prefetch
2008-12-08 11:37:26 ----D---- C:\WINDOWS.0\Registration
2008-12-08 11:25:37 ----SD---- C:\WINDOWS.0\Tasks
2008-12-08 11:24:11 ----D---- C:\WINDOWS.0\system32\inetsrv
2008-12-08 11:23:50 ----D---- C:\Program Files\Mozilla Firefox
2008-12-08 11:22:18 ----HD---- C:\WINDOWS.0
2008-12-08 00:18:01 ----A---- C:\WINDOWS.0\SchedLgU.Txt
2008-12-07 19:38:19 ----SD---- C:\WINDOWS.0\Downloaded Program Files
2008-12-07 19:34:52 ----D---- C:\WINDOWS.0\system32
2008-12-07 19:34:35 ----SHD---- C:\System Volume Information
2008-12-07 19:34:35 ----D---- C:\WINDOWS.0\system32\Restore
2008-12-07 19:12:51 ----D---- C:\WINDOWS.0\Microsoft.NET
2008-12-07 19:12:48 ----RSD---- C:\WINDOWS.0\assembly
2008-12-07 19:06:14 ----HD---- C:\WINDOWS.0\inf
2008-12-07 18:40:58 ----RSHDC---- C:\WINDOWS.0\system32\dllcache
2008-12-07 18:39:05 ----ASH---- C:\boot.ini
2008-12-07 18:22:19 ----RD---- C:\Program Files
2008-12-07 17:59:25 ----D---- C:\WINDOWS.0\system32\drivers
2008-12-07 17:59:22 ----HD---- C:\WINDOWS.0\$hf_mig$
2008-12-07 17:58:28 ----D---- C:\WINDOWS.0\Debug
2008-12-07 17:58:24 ----SHD---- C:\WINDOWS.0\Installer
2008-12-07 17:58:12 ----D---- C:\WINDOWS.0\WinSxS
2008-12-07 17:58:01 ----D---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft Help
2008-12-07 17:57:01 ----D---- C:\Program Files\internet explorer
2008-12-07 17:56:52 ----D---- C:\WINDOWS.0\ie7updates
2008-12-07 17:54:53 ----A---- C:\WINDOWS.0\system32\PerfStringBackup.INI
2008-12-07 17:50:03 ----AH---- C:\WINDOWS.0\win.ini
2008-12-07 17:49:16 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-07 17:46:49 ----D---- C:\Program Files\outlook express
2008-12-07 17:46:49 ----D---- C:\Program Files\Common Files\system
2008-12-07 17:23:05 ----D---- C:\WINDOWS.0\SoftwareDistribution
2008-12-07 17:22:56 ----D---- C:\WINDOWS.0\Help
2008-12-07 17:22:02 ----D---- C:\WINDOWS.0\system32\CatRoot
2008-12-07 16:58:36 ----D---- C:\Documents and Settings
2008-12-07 16:41:10 ----D---- C:\WINDOWS.0\system32\Logfiles
2008-12-07 16:41:09 ----D---- C:\WINDOWS.0\Minidump
2008-12-07 14:15:13 ----D---- C:\Program Files\HijackThis
2008-12-06 17:57:14 ----D---- C:\Documents and Settings\Mike\Application Data\Mozilla
2008-12-04 22:19:53 ----AH---- C:\WINDOWS.0\NeroDigital.ini
2008-11-29 17:31:54 ----D---- C:\WINDOWS.0\system32\config
2008-11-29 17:31:45 ----D---- C:\WINDOWS.0\system32\wbem
2008-11-29 15:26:40 ----RSD---- C:\WINDOWS.0\Fonts
2008-11-28 13:41:22 ----D---- C:\Program Files\Spyware Doctor
2008-11-28 13:41:20 ----AD---- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\TEMP
2008-11-28 13:36:54 ----D---- C:\temp
2008-11-26 17:21:30 ----A---- C:\WINDOWS.0\system32\aswBoot.exe
2008-11-24 16:32:07 ----AH---- C:\c0.txt
2008-11-24 16:25:43 ----AH---- C:\WINDOWS.0\system.ini
2008-11-23 11:07:03 ----D---- C:\Documents and Settings\Mike\Application Data\Real
2008-11-20 19:20:05 ----SD---- C:\Documents and Settings\Mike\Application Data\Microsoft
2008-11-17 23:29:11 ----D---- C:\WINDOWS.0\system32\DirectX
2008-11-17 18:45:24 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-13 22:41:04 ----D---- C:\WINDOWS.0\repair

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS.0\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS.0\system32\DRIVERS\amdk7.sys [2008-06-06 37376]
R1 aswSP;avast! Self Protection; C:\WINDOWS.0\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS.0\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS.0\system32\DRIVERS\kbdhid.sys [2008-06-06 14848]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS.0\system32\drivers\PQNTDrv.sys [2004-05-05 4228]
R1 SCDEmu;SCDEmu; C:\WINDOWS.0\system32\drivers\SCDEmu.sys [2008-03-14 46652]
R1 StarOpen;StarOpen; C:\WINDOWS.0\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS.0\system32\DRIVERS\AegisP.sys [2008-08-08 20747]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS.0\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS.0\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS.0\system32\DRIVERS\rspndr.sys [2008-06-06 62336]
R2 v2imount;Symantec V2i Mount Driver; C:\WINDOWS.0\system32\DRIVERS\v2imount.sys [2008-01-19 38112]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS.0\system32\DRIVERS\arp1394.sys [2008-06-06 60800]
R3 aswRdr;aswRdr; C:\WINDOWS.0\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS.0\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 GEARAspiWDM;GearAspiWDM; C:\WINDOWS.0\system32\DRIVERS\GEARAspiWDM.sys [2008-01-29 16168]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS.0\system32\DRIVERS\hidusb.sys [2008-06-06 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS.0\system32\DRIVERS\mouhid.sys [2008-06-06 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS.0\system32\DRIVERS\nic1394.sys [2008-06-06 61824]
R3 nv;nv; C:\WINDOWS.0\system32\DRIVERS\nv4_mini.sys [2008-06-06 6554496]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS.0\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 P17;Sound Blaster Audigy; C:\WINDOWS.0\system32\drivers\P17.sys [2005-07-07 1389056]
R3 RT61;Gigabyte RT61 Wireless Driver; C:\WINDOWS.0\system32\DRIVERS\RT61.sys [2005-10-27 356096]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS.0\system32\DRIVERS\usbccgp.sys [2008-06-06 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS.0\system32\DRIVERS\usbehci.sys [2008-06-06 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS.0\system32\DRIVERS\usbhub.sys [2008-06-06 59392]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS.0\system32\DRIVERS\usbohci.sys [2008-06-06 17152]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS.0\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS.0\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS.0\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS.0\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 VProEventMonitor;Symantec Event Monitor Driver; C:\WINDOWS.0\system32\DRIVERS\vproeventmonitor.sys [2008-01-19 15088]
S3 WimFltr;WimFltr; C:\WINDOWS.0\system32\DRIVERS\wimfltr.sys [2008-01-19 128104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS.0\system32\DRIVERS\WudfPf.sys [2008-06-06 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS.0\system32\DRIVERS\wudfrd.sys [2008-06-06 82944]
S4 IntelIde;IntelIde; C:\WINDOWS.0\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 IISADMIN;IIS Admin; C:\WINDOWS.0\system32\inetsrv\inetinfo.exe [2008-06-06 15872]
R2 Norton Ghost;Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [2008-01-19 4388192]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS.0\system32\nvsvc32.exe [2008-06-06 159812]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS.0\system32\inetsrv\inetinfo.exe [2008-06-06 15872]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 SymSnapService;SymSnapService; C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe [2007-12-20 1553896]
R3 WSearch;Windows Search; C:\WINDOWS.0\system32\SearchIndexer.exe [2008-05-26 439808]
S2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider; C:\WINDOWS.0\system32\dllhost.exe [2008-06-06 5120]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS.0\system32\svchost.exe [2008-06-06 14336]
S4 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S4 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-09-20 382248]
S4 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S4 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

THE MINIMISED NOTEPAD DOESN'T APPEAR, NOR IS IT SAVED IN THE DIRECTORY!




Kaspersky Log.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, December 8, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, December 08, 2008 08:14:54
Records in database: 1443593
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Critical Areas:
C:\Documents and Settings\All Users.WINDOWS.0\Start Menu\Programs\Startup
C:\Documents and Settings\Mike\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS.0

Scan statistics:
Files scanned: 32199
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 00:35:25

No malware has been detected. The scan area is clean.

The selected area was scanned.



Thanks for any help you can give me,

M


#2 mb1987

mb1987
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:03:56 PM

Posted 08 December 2008 - 12:40 PM

Updated HijackThis log after removing all Stardock apps and effects...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:38:35, on 08/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS.0\system32\Rundll32.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\Gigabyte\Gigabyte WP01GS Wireless PCI Adapter SoftAP\Installer\WINXP\RaUI.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS.0\system32\inetsrv\inetinfo.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\WINDOWS.0\system32\dllhost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS.0\system32\dllhost.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
D:\Games\FM09\fm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - Global Startup: GN-WP01GS Utility.lnk = C:\Program Files\Gigabyte\Gigabyte WP01GS Wireless PCI Adapter SoftAP\Installer\WINXP\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-478-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228670525406
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228670418718
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FCA4EA5-9FC4-40AD-BE57-83FD3CEB4634}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe

--
End of file - 4850 bytes


Please input someone!

Edited by mb1987, 08 December 2008 - 12:41 PM.


#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:10:56 AM

Posted 16 December 2008 - 05:22 PM

Hello mb1987,

Sorry about the delay. :thumbsup: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:10:56 AM

Posted 25 December 2008 - 07:47 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic