Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Several Hidden Objects and Warnings using Avira Anti-Virus


  • This topic is locked This topic is locked
3 replies to this topic

#1 smoketwibz

smoketwibz

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Rochester, MN
  • Local time:02:03 PM

Posted 14 December 2010 - 10:03 AM

I have above average computer skills (in my opinion) but for some reason I cannot figure out what it means when Avira tells me there are hidden objects and 13 warnings. I just finished scanning with Avira and decided to have a professional try to help me out here. My computer actually runs really smooth which is actually where I believe most of my curiousity and suspicions stem from. I have never done this before and I have never had a professional evaluate my computer. I have read the preparation thing before posting and have completed everything required. I will be at my computer all the time (for the most part) as right now I have no job and just big time snow storm. If I am gone it'll only be for a short period of time. Any help would be greatly appreciated. I appologize in advance if I have posted to wrong forum. Below is the required log.......


DDS (Ver_10-12-12.02) - NTFSx86
Run by Owner at 5:44:11.16 on Tue 12/14/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2023.1331 [GMT -6:00]

AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
svchost.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/
uInternet Settings,ProxyServer = http=127.0.0.1:50370
mSearchAssistant = hxxp://www.google.com/ie
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-explorer: NoSMMyDocs = 1 (0x1)
uPolicies-explorer: NoSMMyPictures = 1 (0x1)
uPolicies-explorer: NoStartMenuMyMusic = 1 (0x1)
uPolicies-explorer: NoFavoritesMenu = 1 (0x1)
IE: Free YouTube to Mp3 Converter
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\iobit\advanced systemcare 3\SPICtrl.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Notify: igfxcui - igfxsrvc.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-10-15 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-10-15 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-10-15 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-10-15 61960]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-10-18 79360]

=============== Created Last 30 ================

2010-12-12 06:13:23 -------- d-----w- C:\My MuZik
2010-12-07 20:13:57 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-12-07 20:13:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-12-07 20:13:56 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-12-07 20:13:56 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-12-07 18:12:39 -------- d-----w- c:\program files\PokerStars
2010-12-07 15:41:43 -------- d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-07 15:41:31 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-12-07 15:41:31 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-12-07 15:41:31 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-12-07 15:41:31 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-12-07 15:41:31 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-12-07 15:41:31 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-12-07 15:41:31 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-11-30 02:05:18 -------- d-----w- c:\docume~1\owner\applic~1\FrostWire
2010-11-30 02:04:46 -------- d-----w- c:\program files\FrostWire
2010-11-30 02:04:36 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-30 02:04:36 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-26 15:37:52 -------- d-sh--w- c:\windows\ftpcache
2010-11-18 00:42:27 -------- d-----w- c:\docume~1\owner\applic~1\HybridReverb2
2010-11-17 20:31:44 54272 ----a-w- c:\windows\system32\vcomp90.dll
2010-11-17 20:31:40 -------- d-----w- c:\program files\Steinberg
2010-11-17 20:31:40 -------- d-----w- c:\program files\HybridReverb2
2010-11-17 20:28:14 -------- d-----w- c:\program files\common files\Resource
2010-11-17 03:10:08 -------- d-----w- c:\program files\SuperWave

==================== Find3M ====================

2010-11-04 00:21:40 118784 ----a-w- c:\windows\dsdxirmv.exe
2010-10-19 04:19:03 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-10-19 04:19:02 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-10-18 17:52:16 286720 ----a-w- c:\windows\iun506.exe
2010-10-18 03:15:26 720896 ----a-w- c:\windows\iun6002.exe
2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

============= FINISH: 5:45:25.12 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:03:03 PM

Posted 23 December 2010 - 11:33 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explaination about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:


Why we request you disable CD Emulation when receiving Malware Removal Advice

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.

Best Regards,
oneof4.

Best Regards,
oneof4.


#3 smoketwibz

smoketwibz
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Rochester, MN
  • Local time:02:03 PM

Posted 24 December 2010 - 07:43 AM

i have resolved the issue thank you.

#4 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:03 PM

Posted 24 December 2010 - 03:40 PM

Thanks for telling us. :thumbup2:
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users