Avast WEBforum

Other => Viruses and worms => Topic started by: !Donovan on April 25, 2009, 07:26:51 PM

Title: HJT; S&D; SAS; MBAM; ST Logs (Do I have a virus?)
Post by: !Donovan on April 25, 2009, 07:26:51 PM
I think I have a virus on my PC because of so many processes running at the same time.
Part 1 - HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:06 PM, on 4/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows SteadyState\SCTSvc.exe
C:\Program Files\MegaCool\SomethingforU\aswUpdSv.exe
C:\Program Files\MegaCool\SomethingforU\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\MegaCool\SomethingforU\ashMaiSv.exe
C:\Program Files\MegaCool\SomethingforU\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MegaCool\SOMETH~1\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\CamStudio\Recorder.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Bubble] "%ProgramFiles%\Windows SteadyState\Bubble.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\MegaCool\SOMETH~1\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\WEB2~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: PackageCab - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
Title: Re: So many hidden processes running...
Post by: !Donovan on April 25, 2009, 07:27:30 PM
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193516774250
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193516760546
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\MegaCool\SomethingforU\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\MegaCool\SomethingforU\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\MegaCool\SomethingforU\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\MegaCool\SomethingforU\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: IMSafer (ImSaferService) - Unknown owner - C:\Documents and Settings\Lockeruper22\Desktop\IMSafer\bin\imsc.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10807 bytes
Title: Re: So many hidden processes running...
Post by: !Donovan on April 25, 2009, 07:48:33 PM
Part 2 - Spybot Search & Destroy:

Warnings:
When it said that I had 229 temporary internet files, it tried to remove them all, but 8 could not be removed.

Log File:
Right Media: Tracking cookie (Internet Explorer: Donovan) (Cookie, fixed)
--- Spybot - Search & Destroy version: 1.6.2  (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-04-19 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-03-25 Includes\Adware.sbi (*)
2009-03-25 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-03-31 Includes\Dialer.sbi (*)
2009-03-25 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-02-10 Includes\Hijackers.sbi (*)
2009-03-03 Includes\HijackersC.sbi (*)
2009-03-17 Includes\Keyloggers.sbi (*)
2009-03-17 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-04-07 Includes\Malware.sbi (*)
2009-04-14 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-03-31 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-03-23 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-04-07 Includes\Spyware.sbi (*)
2009-04-07 Includes\SpywareC.sbi (*)
2009-04-07 Includes\Tracks.uti
2009-04-15 Includes\Trojans.sbi (*)
2009-04-14 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
Title: Re: HijackThis Log; SpyBot S&D Log; Full Scan on MBAM & SAS Soon!
Post by: !Donovan on April 25, 2009, 11:23:48 PM
Part 3 - Super Anti-Spyware:
All I got were 5 tracking cookies, nothing harmful. Will edit this post with the MBAM log after MBAM finishes scanning!

Part 4 - Malwarebytes' Anti-Malware:
Malwarebytes' Anti-Malware 1.36
Database version: 1959
Windows 5.1.2600 Service Pack 3

4/25/2009 7:55:23 PM
mbam-log-2009-04-25 (19-55-23).txt

Scan type: Full Scan (C:\|D:\|G:\|)
Objects scanned: 301997
Time elapsed: 2 hour(s), 0 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Title: Re: Do I have a virus? HJT; MBAM; SS&D; SAS Logs
Post by: !Donovan on April 26, 2009, 02:10:01 AM
Guess what? I downloaded Spyware Terminator and selected Scan and guess what? It's at 50% and it says that over 782 objects are infected! How in the world did those viruses get there?!!??!?!
Title: Re: Do I have a virus? HJT; MBAM; SS&D; SAS Logs
Post by: DavidR on April 26, 2009, 02:15:20 AM
Without a few common samples of what it says are infected, I couldn't even hazard a guess.

File name, location and malware name, etc. ???

One thing for sure, I would tend to agree with SAS over ST.
Title: Re: Do I have a virus? HJT; MBAM; SS&D; SAS Logs
Post by: !Donovan on April 26, 2009, 02:40:02 AM
Without a few common samples of what it says are infected, I couldn't even hazard a guess.

File name, location and malware name, etc. ???

One thing for sure, I would tend to agree with SAS over ST.

I'll post the filenames and location and malware name after it finishes.
Title: Re: Do I have a virus? HJT; MBAM; SS&D; SAS Logs
Post by: DavidR on April 26, 2009, 03:18:24 AM
Don't post them all (782 and counting), just some common ones to get an idea of what it is detecting.

It is just after 2:15am here and I'm calling it a night, hopefully someone can pick up on this in the meantime.
Title: Re: Do I have a virus? HJT; MBAM; SS&D; SAS Logs
Post by: !Donovan on April 26, 2009, 03:55:16 AM
NOOO I LOST THE LOG FILE!!!!!!!!!!!!!!!!!! Anyways, it's 9:53PM where I am. ;D Sorry, I didn't click on the copy to clipboard button hard enough. :(
All I can tell you is that it was about 1,319 viruses/malware found.
Title: Re: Do I have a virus? HJT; MBAM; SS&D; SAS Logs (Scanning with ST, 2 Critical!)
Post by: DavidR on April 26, 2009, 04:17:39 PM
Unfortunately, without information, speculation isn't really useful.

Though I simply can't believe this was all viruses/malware that both SAS and MBAM would have missed.
Title: Re: Do I have a virus? HJT; MBAM; SS&D; SAS Logs (Scanning with ST, 2 Critical!)
Post by: !Donovan on April 26, 2009, 06:07:38 PM
Unfortunately, without information, speculation isn't really useful.

Though I simply can't believe this was all viruses/malware that both SAS and MBAM would have missed.

I'm still scanning with Spyware Terminator.
Title: Re: Do I have a virus? HJT; MBAM; SS&D; SAS Logs (Scanning with ST, 2 Critical!)
Post by: !Donovan on April 26, 2009, 07:19:02 PM
Logfile of Spyware Terminator v2.5.6.316 (db:3.004.024.000)
Scan Time: 4/25/2009 8:36:45 PM  length: 4353 s
Platform: WXP (5.1.0.2600)
User: Admin
Boot Mode: Normal
Scan type: Ultra Scanner
Scanned Objects: 204263 (Critical:0)
Filter: No System items, No Safe items, No Invalid items

Running Processes
aswUpdSv.exe [ALWIL Software] : C:\Program Files\MegaCool\SomethingforU\aswUpdSv.exe
ashServ.exe [ALWIL Software] : C:\Program Files\MegaCool\SomethingforU\ashServ.exe
jqs.exe [Sun Microsystems, Inc.] : C:\Program Files\Java\jre6\bin\jqs.exe
LxrJD31s.exe : C:\WINDOWS\system32\LxrJD31s.exe
uphclean.exe [Microsoft Corporation] : C:\Program Files\UPHClean\uphclean.exe
ViewpointService.exe [Viewpoint Corporation] : C:\Program Files\Viewpoint\Common\ViewpointService.exe
ashDisp.exe [ALWIL Software] : C:\Program Files\MegaCool\SomethingforU\ashDisp.exe
ashMaiSv.exe [ALWIL Software] : C:\Program Files\MegaCool\SomethingforU\ashMaiSv.exe
ashWebSv.exe [ALWIL Software] : C:\Program Files\MegaCool\SomethingforU\ashWebSv.exe
wltuser.exe [Microsoft Corporation] : C:\Program Files\Windows Live\Toolbar\wltuser.exe

Internet Settings
R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://www.msn.com/
R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, ProxyOverride = *.local
R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =

BHO
02 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} -  [Ask.com] : C:\Program Files\AskBarDis\bar\bin\askBar.dll
02 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -  [Microsoft Corp.] : C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
02 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -  [Against Intuition Oy] : C:\Program Files\WOT\WOT.dll
02 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  [Sun Microsystems, Inc.] : C:\Program Files\Java\jre6\bin\jp2ssv.dll
02 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -  [Microsoft Corporation] : C:\Program Files\Windows Live\Toolbar\wltcore.dll
02 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -  [Sun Microsystems, Inc.] : C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

Toolbars
03 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  [Microsoft Corporation] : C:\Program Files\Windows Live\Toolbar\wltcore.dll
03 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} -  [Against Intuition Oy] : C:\Program Files\WOT\WOT.dll
03 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} -  [Ask.com] : C:\Program Files\AskBarDis\bar\bin\askBar.dll

StartUps
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, msnmsgr :  [Microsoft Corporation] : C:\Program Files\WINDOWS LIVE\MESSENGER\MSNMSGR.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, eFax 4.3 :  [j2 Global Communications, Inc.] : C:\Program Files\EFAX MESSENGER 4.3\J2GDLLCMD.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, avast! :  [ALWIL Software] : C:\Program Files\MegaCool\SomethingforU\ashDisp.exe
04 - Startup:  : C:\Documents and Settings\Donovan\Start Menu\Programs\Startup\desktop.ini
04 - Startup:  : C:\Documents and Settings\Donovan\Start Menu\Programs\Startup\Secunia PSI.lnk
04 - Startup:  : C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\desktop.ini

Shell Extensions
HotShellExt - {6872d785-fe43-44cb-9b2a-2df4c5eb13b2} -  [j2 Global Communications, Inc.] : C:\Program Files\eFax Messenger 4.3\J2GShell.dll
Web Sites - {AB4F43CA-ADCD-4384-B9AF-3CECEA7D6544} -  [Microsoft Corporation] : C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\BIN\FPNSE.DLL
CLSID_WLMCMimeFilter - {0563DB41-F538-4B37-A92D-4659049B7766} -  [Microsoft Corporation] : C:\Program Files\Windows Live\Mail\mailcomm.dll
 - {06A2568A-CED6-4187-BB20-400B8C02BE5A} -  [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
Windows Live Photo Gallery Viewer Autoplay Shim - {00F33137-EE26-412F-8D71-F84E4C2C6625} -  [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
Windows Live Photo Gallery Autoplay Drop Target - {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} -  [Microsoft Corporation] : C:\Program Files\WINDOWS LIVE\PHOTO GALLERY\WLXPHOTOGALLERY.EXE
Windows Live Photo Gallery Editor Drop Target - {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} -  [Microsoft Corporation] : C:\Program Files\WINDOWS LIVE\PHOTO GALLERY\WLXPHOTOGALLERY.EXE
Windows Live Photo Gallery Viewer Drop Target - {00F374B7-B390-4884-B372-2FC349F2172B} -  [Microsoft Corporation] : C:\Program Files\WINDOWS LIVE\PHOTO GALLERY\WLXPHOTOGALLERY.EXE
Windows Live Photo Gallery Viewer Shim - {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} -  [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
Windows Live Photo Gallery Editor Shim - {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} -  [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
Windows Live Photo Gallery Viewer Autoplay Shim - {00F30F90-3E96-453B-AFCD-D71989ECC2C7} -  [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
avast - {472083B0-C522-11CF-8763-00608CC02F24} -  [ALWIL Software] : C:\Program Files\MegaCool\SomethingforU\ashShell.dll

Protocol Handler
 - {828030A1-22C1-4009-854F-8E305202313F} -  [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msgrapp.14.0.5027.0908.dll
 - {828030A1-22C1-4009-854F-8E305202313F} -  [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msgrapp.14.0.5027.0908.dll
Windows Live Mail HTML Asynchronous Pluggable Protocol Handler - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} -  [Microsoft Corporation] : C:\Program Files\Windows Live\Mail\mailcomm.dll
WOT Protocol - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} -  [Against Intuition Oy] : C:\Program Files\WOT\WOT.dll

Services
23 - [ALWIL Software] : C:\Program Files\MegaCool\SomethingforU\aswUpdSv.exe
23 - [ALWIL Software] : C:\Program Files\MegaCool\SomethingforU\ashServ.exe
23 - [ALWIL Software] : C:\Program Files\MegaCool\SomethingforU\ashMaiSv.exe
23 - [ALWIL Software] : C:\Program Files\MegaCool\SomethingforU\ashWebSv.exe
23 - [Creative Technology Ltd] : C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
23 - [Deterministic Networks, Inc.] : C:\WINDOWS\system32\DRIVERS\dne2000.sys
23 - [Sun Microsystems, Inc.] : C:\Program Files\Java\jre6\bin\jqs.exe
23 - : C:\WINDOWS\system32\Drivers\LxrJD31d.sys
23 - : C:\WINDOWS\system32\LxrJD31s.exe
23 - [Dell Computer Corporation] : C:\WINDOWS\system32\DRIVERS\OMCI.SYS
23 - [Creative Technology Ltd.] : C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
23 - [Creative Technology Ltd.] : C:\WINDOWS\system32\drivers\P16X.sys
23 - [Creative Technology Ltd.] : C:\WINDOWS\system32\drivers\PfModNT.sys
23 - [SonicWALL, Inc.] : C:\WINDOWS\system32\Drivers\RCFOX.sys
23 - [Protection Technology] : C:\WINDOWS\system32\drivers\sfdrv01.sys
23 - [Protection Technology] : C:\WINDOWS\system32\drivers\sfhlp02.sys
23 - [Protection Technology] : C:\WINDOWS\system32\drivers\sfsync02.sys
23 - [Protection Technology] : C:\WINDOWS\system32\drivers\sfvfs02.sys
23 - [Microsoft Corporation] : C:\Program Files\UPHClean\uphclean.exe
23 - [USR] : C:\WINDOWS\system32\DRIVERS\usrwlan.sys
23 - [Microsoft Corporation] : C:\WINDOWS\system32\Drivers\VCFFltr.SYS
23 - [Viewpoint Corporation] : C:\Program Files\Viewpoint\Common\ViewpointService.exe
23 - [America Online, Inc.] : C:\WINDOWS\system32\DRIVERS\wanatw4.sys
23 - [Crawler.com] : C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

Threat Files
<Java(tm) Plug-In 2 SSV Helper ( BHO )> (User Threat) [Sun Microsystems, Inc.] : C:\Program Files\Java\jre6\bin\jp2ssv.dll
<JQSIEStartDetectorImpl Class ( BHO )> (User Threat) [Sun Microsystems, Inc.] : C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
<&Windows Live Toolbar Beta ( Toolbar )> (User Threat) [Microsoft Corporation] : C:\Program Files\Windows Live\Toolbar\wltcore.dll
<Search Helper ( BHO )> (User Threat) [Microsoft Corp.] : C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

Advanced Files Report
%PROGRAMFILES%\MegaCool\SomethingforU\aswUpdSv.exe [ALWIL Software] [avast! Antivirus] MD5=B4253776EE034F6770FCEE32C28490B0 SIZE=18752
%PROGRAMFILES%\MegaCool\SomethingforU\aswCmnS.dll [ALWIL Software] [avast! Antivirus] MD5=A702AF52B8E8BF225AD045812A84A1CC SIZE=192512
%PROGRAMFILES%\MegaCool\SomethingforU\aswCmnOS.dll [ALWIL Software] [avast! Antivirus] MD5=1CD561EE4D3232A166BEE03642936EB0 SIZE=86016
%PROGRAMFILES%\MegaCool\SomethingforU\aswCmnB.dll [ALWIL Software] [avast! Antivirus] MD5=6E4A9A1B2458AF79ED5A6F6B4D5F05A7 SIZE=131072
Title: Re: Do I have a virus? HJT; MBAM; SS&D; SAS Logs (Scanning with ST, 2 Critical!)
Post by: !Donovan on April 26, 2009, 07:19:28 PM
%PROGRAMFILES%\MegaCool\SomethingforU\ashServ.exe [ALWIL Software] [avast! Antivirus] MD5=62889D40A3FB1A9012428E16FE0DC67A SIZE=138680
%PROGRAMFILES%\MegaCool\SomethingforU\aswAux.dll [ALWIL Software] [avast! Antivirus] MD5=21A351ED932412EF932CBA212AFE3006 SIZE=659456
%PROGRAMFILES%\MegaCool\SomethingforU\aswEngin.dll [ALWIL Software] [avast! Antivirus] MD5=4BCB75FD3867AAD4EB88FBAD5907F5EC SIZE=1302528
%PROGRAMFILES%\MegaCool\SomethingforU\aswScan.dll [ALWIL Software] [avast! Antivirus] MD5=22212F66C6BC1C9BE47BB25ABEF3D3A4 SIZE=86016
%PROGRAMFILES%\MegaCool\SomethingforU\ashBase.dll [ALWIL Software] [avast! Antivirus] MD5=89B9356D481C73B588F50CBDBDF7C211 SIZE=225280
%PROGRAMFILES%\MegaCool\SomethingforU\ashTask.dll [ALWIL Software] [avast! Antivirus] MD5=E142416D38AD3DBA1DE1C9B065A7720C SIZE=118784
%PROGRAMFILES%\MegaCool\SomethingforU\aswInteg.dll [ALWIL Software] [avast! Antivirus] MD5=38B82EC805FEC2CAAE22D98D09841979 SIZE=23040
%PROGRAMFILES%\MegaCool\SomethingforU\aswIdle.dll [ALWIL Software] [avast! Antivirus] MD5=31DA6A3F2C40B5CFB17250AEE00FCBF0 SIZE=11584
%PROGRAMFILES%\MegaCool\SomethingforU\Aavm4h.dll [ALWIL Software] [avast! Antivirus] MD5=6A36CC7569D86958C388F0B2D9FF119C SIZE=225280
%PROGRAMFILES%\MegaCool\SomethingforU\AavmRpch.dll [ALWIL Software] [avast! Antivirus] MD5=7AFA82757CAF4808119AE08F62AE8E6B SIZE=20992
%PROGRAMFILES%\MegaCool\SomethingforU\English\Base.dll [ALWIL Software] [avast! Antivirus] MD5=22972E006680A2C2933F204C8B3E375B SIZE=61440
%PROGRAMFILES%\MegaCool\SomethingforU\AhResJs.dll [ALWIL Software] [avast! Antivirus] MD5=947A388208076299E9FF9250BF9D98CD SIZE=24576
%PROGRAMFILES%\MegaCool\SomethingforU\AhResMai.dll [ALWIL Software] [avast! Antivirus] MD5=F7A4E13A16B5304E1B715E898FA64C6B SIZE=35840
%PROGRAMFILES%\MegaCool\SomethingforU\ahResMes.dll [ALWIL Software] [avast! Antivirus] MD5=8F4D907FEF1145206783B8BA4690AC28 SIZE=32768
%PROGRAMFILES%\MegaCool\SomethingforU\AhResNS.dll [ALWIL Software] [avast! Antivirus] MD5=0683A9A1B6B255DCA643C6DC10139F98 SIZE=35840
%PROGRAMFILES%\MegaCool\SomethingforU\AhResOut.dll [ALWIL Software] [avast! Antivirus] MD5=86F256F7F7B4BBE6B5BACFBC6401A9C2 SIZE=29696
%PROGRAMFILES%\MegaCool\SomethingforU\ahResP2P.dll [ALWIL Software] [avast! Antivirus] MD5=F5FF002B9EAA6B6CF0BE9F5A403BEB69 SIZE=33280
%PROGRAMFILES%\MegaCool\SomethingforU\AhResStd.dll [ALWIL Software] [avast! Antivirus] MD5=907DA762B2238AAEC9399A9A903FE7CF SIZE=43008
%PROGRAMFILES%\MegaCool\SomethingforU\AhResWS.dll [ALWIL Software] [avast! Antivirus] MD5=F610E9FF91C228D6CB34E58D107E811A SIZE=53248
%PROGRAMFILES%\MegaCool\SomethingforU\ashSSqlt.dll [ALWIL Software] [avast! Antivirus] MD5=16C3ED761EEB1236F17043A440545183 SIZE=233472
%PROGRAMFILES%\MegaCool\SomethingforU\AhJsctNs.dll [ALWIL Software] [avast! Antivirus] MD5=5477A0978C10AC75F3C2A749FD1E9270 SIZE=139264
%PROGRAMFILES%\MegaCool\SomethingforU\aswRes.dll [ALWIL Software] [avast! Antivirus] MD5=B065081AAC207A9B72AEB2E6A7D76852 SIZE=147456
%PROGRAMFILES%\Java\jre6\bin\jqs.exe [Sun Microsystems, Inc.] [Java(TM) Platform SE 6 U10] MD5=5FD5865DC1A2100F8D4CF000EE5409A3 SIZE=152984
%SYSDIR%\LxrJD31s.exe MD5=1AC5196D662AAA87E994E35F760F90B8 SIZE=53248
%PROGRAMFILES%\UPHClean\uphclean.exe [Microsoft Corporation] [User Profile Hive Cleanup Service] MD5=3F9A3232E5F942874488981F3242C989 SIZE=241725
%PROGRAMFILES%\Viewpoint\Common\ViewpointService.exe [Viewpoint Corporation] [Viewpoint Manager] MD5=5F974FDE801C73952770736BECDE11E7 SIZE=24652
%PROGRAMFILES%\MegaCool\SomethingforU\ashShell.dll [ALWIL Software] [avast! Antivirus] MD5=AFD818A04153C72270530B9BD524F064 SIZE=76880
%PROGRAMFILES%\MegaCool\SomethingforU\English\Lang.dll [ALWIL Software] [avast! Antivirus] MD5=757798240BCF43BA60AE21AEF339DB52 SIZE=2531328
%PROGRAMFILES%\megacool\somethingforu\ahruijs.dll [ALWIL Software] [avast! Antivirus] MD5=C648B0A68949CEB42D2833823B20DC7F SIZE=32768
%PROGRAMFILES%\MegaCool\SomethingforU\ashUInt.dll [ALWIL Software] [avast! Antivirus] MD5=C53C83CC3D8D318F52D179FEB4CE4E23 SIZE=331776
%PROGRAMFILES%\MegaCool\SomethingforU\XT1922.dll [Codejock Software] [XTToolkit Dynamic Link Library] MD5=9EABDC15170B37F0C6D07D53B9ED64EA SIZE=917504
Title: Re: Do I have a virus? HJT; MBAM; SS&D; SAS Logs (Scanning with ST, 2 Critical!)
Post by: !Donovan on April 26, 2009, 07:20:01 PM

End of Report
Title: Re: HJT; S&D; SAS; MBAM; ST Logs (Do I have a virus?)
Post by: DavidR on April 26, 2009, 08:10:37 PM
So where are these 1200+ viruses then, there is nothing to show it in the log.

The only questionable thing is the Threat Files section and this is rubbish, I don't see how the JAVA entries can be considered a threat. The others also appear to be legit entries.

I haven't a clue what it means by Advanced Files Report, or what purpose it serves. If they aren't infected or a Threat I can see no reason to report anything unless it is to show it is doing something.
Title: Re: HJT; S&D; SAS; MBAM; ST Logs (Do I have a virus?)
Post by: !Donovan on April 26, 2009, 10:48:44 PM
> So where are these 1200+ viruses then, there is nothing to show it in the log.
>
> The only questionable thing is the Threat Files section and this is rubbish, I don't see how the JAVA entries can be considered a threat. The others also appear to be legit entries.
>
> I haven't a clue what it means by Advanced Files Report, or what purpose it serves. If they aren't infected or a Threat I can see no reason to report anything unless it is to show it is doing something.

So all those scans were useless...
Title: Re: HJT; S&D; SAS; MBAM; ST Logs (Do I have a virus?)
Post by: DavidR on April 27, 2009, 12:15:41 AM
What scans, you reported that ST reported 1200+ viruses, so where are they, that is all I'm saying. My comments were directly related to the ST results, nothing else.

Scans by the other scanners confirmed you were clean before you even ran ST ::)
Title: Re: HJT; S&D; SAS; MBAM; ST Logs (Do I have a virus?)
Post by: !Donovan on April 28, 2009, 12:06:45 AM
> What scans, you reported that ST reported 1200+ viruses, so where are they, that is all I'm saying. My comments were directly related to the ST results, nothing else.
>
> Scans by the other scanners confirmed you were clean before you even ran ST ::)

Ummmmmm...
Is the Hijack This log useless?
Title: Re: HJT; S&D; SAS; MBAM; ST Logs (Do I have a virus?)
Post by: DavidR on April 28, 2009, 12:42:08 AM
I would ask what it is that you mean, life is too short, I give up.
Title: Re: HJT; S&D; SAS; MBAM; ST Logs (Do I have a virus?)
Post by: !Donovan on April 28, 2009, 02:46:21 AM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:45:37 PM, on 4/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows SteadyState\SCTSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\inetsrv\DavCData.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: (no name) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - (no file)
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [Bubble] "%ProgramFiles%\Windows SteadyState\Bubble.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\WEB2~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
Title: Re: HJT; S&D; SAS; MBAM; ST Logs (Do I have a virus?)
Post by: !Donovan on April 28, 2009, 02:47:01 AM
O16 - DPF: PackageCab - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193516774250
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193516760546
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: IMSafer (ImSaferService) - Unknown owner - C:\Documents and Settings\Lockeruper22\Desktop\IMSafer\bin\imsc.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10101 bytes
Title: Re: HJT; S&D; SAS; MBAM; ST Logs (Do I have a virus?)
Post by: CharleyO on April 28, 2009, 09:49:53 AM
***

An analysis of your HJT log shows the following problems:

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
Unnecessary (deactivated) entry that can be fixed.
http://www.spyandseek.com/Search.php?search_for=4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21&search=SAS-Search   (first on the list)

O2 - BHO: (no name) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - (no file)
Unnecessary (deactivated) entry that can be fixed. Windows Live Toolbar beta Search Enhancement Pack
http://www.spyandseek.com/Search.php?search_for=6EBF7485-159F-4bff-A14F-B9E3AAC4465B&search=SAS-Search

O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
Unnecessary (deactivated) entry that can be fixed. jp2ssv.dll - Sun_Java, http://java.sun.com/javase/downloads/index.jsp browser plugin.
http://www.spyandseek.com/Search.php?search_for=DBC80044-A445-435b-BC74-9C25C1C588A9&search=SAS-Search

O2 - BHO: (no name) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - (no file)
Unnecessary (deactivated) entry that can be fixed. WindowsLive\Toolbar\wltcore.dll
http://www.spyandseek.com/Search.php?search_for=E15A8DC0-8516-42A1-81EA-DC94EC1ACF10&search=SAS-Search

O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
Unnecessary (deactivated) entry that can be fixed. jqs_plugin.dll - Java Quick Starter, https://jdk6.dev.java.net/testQS.html
http://www.spyandseek.com/Search.php?search_for=E7E6F031-17CE-4C07-BC86-EABFE594F69C&search=SAS-Search


There were several questionable entries that checked out as good.


***
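The check CharleyO applies above (O2 BHO entries pointing at "(no file)" and O23 services marked "(file missing)" are dead registrations that can be fixed) can be scripted. This is an added example, not code from the thread or from HijackThis: it parses O2 and O23 lines in the HijackThis v2 format shown in the log, flags orphaned entries, and adds one heuristic of my own (a service binary outside Program Files or the Windows directory is marked for manual review). The sample lines are copied from the log posted above.

```python
import re

# Constructed sample in HijackThis v2 format; the lines are copied from the
# log posted in the thread above, trimmed to a few O2 and O23 entries.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - (no file)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: IMSafer (ImSaferService) - Unknown owner - C:\Documents and Settings\Lockeruper22\Desktop\IMSafer\bin\imsc.exe (file missing)
"""

# O2 = Browser Helper Object: "O2 - BHO: <name> - {CLSID} - <path or (no file)>"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
# O23 = Service: "O23 - Service: <display name> - <owner> - <path>[ (file missing)]"
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

# Heuristic (my assumption, not a HijackThis rule): service binaries are expected
# under these roots; anything installed elsewhere deserves a manual look.
TRUSTED_ROOTS = ("c:\\program files", "c:\\progra~1", "c:\\windows")
MISSING = "(file missing)"


def parse_hjt(text):
    """Parse O2 and O23 lines into dicts tagged 'orphaned' and 'needs_review'."""
    entries = []
    for line in text.splitlines():
        m = O2_RE.match(line)
        if m:
            path = m.group("path")
            entries.append({
                "section": "O2", "name": m.group("name"), "clsid": m.group("clsid"),
                "path": path,
                # "(no file)": the registered DLL is gone, so the CLSID is a dead entry
                "orphaned": path == "(no file)",
                "needs_review": False,
            })
            continue
        m = O23_RE.match(line)
        if m:
            path = m.group("path")
            missing = path.endswith(MISSING)
            exe = (path[:-len(MISSING)] if missing else path).strip().lower()
            entries.append({
                "section": "O23", "name": m.group("name"), "owner": m.group("owner"),
                "path": path,
                "orphaned": missing,
                "needs_review": not exe.startswith(TRUSTED_ROOTS),
            })
    return entries


def orphaned_entries(text):
    """Entries whose target binary no longer exists (dead registrations HJT can fix)."""
    return [e for e in parse_hjt(text) if e["orphaned"]]


def review_entries(text):
    """Services whose binary lives outside the usual program roots."""
    return [e for e in parse_hjt(text) if e["section"] == "O23" and e["needs_review"]]
```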