Author Topic: HJT; S&D; SAS; MBAM; ST Logs (Do I have a virus?)  (Read 14807 times)

0 Members and 1 Guest are viewing this topic.

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2220
    • The WAR Against Malware
HJT; S&D; SAS; MBAM; ST Logs (Do I have a virus?)
« on: April 25, 2009, 07:26:51 PM »
I think I have a virus on my PC because of so many processes running at the same time.
Part 1 - Hijack This:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:06 PM, on 4/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows SteadyState\SCTSvc.exe
C:\Program Files\MegaCool\SomethingforU\aswUpdSv.exe
C:\Program Files\MegaCool\SomethingforU\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\MegaCool\SomethingforU\ashMaiSv.exe
C:\Program Files\MegaCool\SomethingforU\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MegaCool\SOMETH~1\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\CamStudio\Recorder.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [Bubble] "%ProgramFiles%\Windows SteadyState\Bubble.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\MegaCool\SOMETH~1\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\WEB2~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: PackageCab - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
« Last Edit: April 26, 2009, 07:20:57 PM by Donovansrb10 »
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2220
    • The WAR Against Malware
Re: So many hidden processes running...
« Reply #1 on: April 25, 2009, 07:27:30 PM »
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193516774250
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193516760546
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\MegaCool\SomethingforU\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\MegaCool\SomethingforU\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\MegaCool\SomethingforU\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\MegaCool\SomethingforU\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: IMSafer (ImSaferService) - Unknown owner - C:\Documents and Settings\Lockeruper22\Desktop\IMSafer\bin\imsc.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10807 bytes
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2220
    • The WAR Against Malware
Re: So many hidden processes running...
« Reply #2 on: April 25, 2009, 07:48:33 PM »
Part 2 - Spybot Search & Destroy:

Warnings:
When it said that I had 229 tempary internet files, it tried to remove them all but 8 could not be removed.

Log File:
Right Media: Tracking cookie (Internet Explorer: Donovan) (Cookie, fixed)
 


--- Spybot - Search & Destroy version: 1.6.2  (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-04-19 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-03-25 Includes\Adware.sbi (*)
2009-03-25 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-03-31 Includes\Dialer.sbi (*)
2009-03-25 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-02-10 Includes\Hijackers.sbi (*)
2009-03-03 Includes\HijackersC.sbi (*)
2009-03-17 Includes\Keyloggers.sbi (*)
2009-03-17 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-04-07 Includes\Malware.sbi (*)
2009-04-14 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-03-31 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-03-23 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-04-07 Includes\Spyware.sbi (*)
2009-04-07 Includes\SpywareC.sbi (*)
2009-04-07 Includes\Tracks.uti
2009-04-15 Includes\Trojans.sbi (*)
2009-04-14 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2220
    • The WAR Against Malware
Re: HijackThis Log; SpyBot S&D Log; Full Scan on MBAM & SAS Soon!
« Reply #3 on: April 25, 2009, 11:23:48 PM »
Part 3 - Super Anti-Spyware:
All I got were 5 tracking cookies, nothing harmful. Will edit this post with the MBAM log after MBAM finishes scanning!

Part 4 - Malwarebytes' Anti-Malware:
Malwarebytes' Anti-Malware 1.36
Database version: 1959
Windows 5.1.2600 Service Pack 3

4/25/2009 7:55:23 PM
mbam-log-2009-04-25 (19-55-23).txt

Scan type: Full Scan (C:\|D:\|G:\|)
Objects scanned: 301997
Time elapsed: 2 hour(s), 0 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
« Last Edit: April 26, 2009, 01:56:27 AM by Donovansrb10 »
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2220
    • The WAR Against Malware
Re: Do I have a virus? HJT; MBAM; SS&D; SAS Logs
« Reply #4 on: April 26, 2009, 02:10:01 AM »
Guess what? I downloaded Spyware Termenator and selected Scan and guess what? its at 50% and it says that over 782 objects are infected! How in the world did those viruses get there?!!??!?!
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 81907
  • No support PMs thanks
Re: Do I have a virus? HJT; MBAM; SS&D; SAS Logs
« Reply #5 on: April 26, 2009, 02:15:20 AM »
Without a a few common samples of what it says are infected I couldn't even hazard a guess.

File name, location and malware name, etc. ???

One thing for sure I would tend to agree with SAS over ST.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.7.2388 (build: 19.7.4674.526)/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2220
    • The WAR Against Malware
Re: Do I have a virus? HJT; MBAM; SS&D; SAS Logs
« Reply #6 on: April 26, 2009, 02:40:02 AM »
Without a a few common samples of what it says are infected I couldn't even hazard a guess.

File name, location and malware name, etc. ???

One thing for sure I would tend to agree with SAS over ST.

I'll post the filenames and location and malware name after it finishes.
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 81907
  • No support PMs thanks
Re: Do I have a virus? HJT; MBAM; SS&D; SAS Logs
« Reply #7 on: April 26, 2009, 03:18:24 AM »
Don't post them all (782 and counting), just some common ones to get an idea of what it is detecting.

It is just after 2:15am here and I'm calling it a night, hopefully someone can pick up on this in the meantime.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.7.2388 (build: 19.7.4674.526)/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2220
    • The WAR Against Malware
Re: Do I have a virus? HJT; MBAM; SS&D; SAS Logs
« Reply #8 on: April 26, 2009, 03:55:16 AM »
NOOO I LOST THE LOG FILE!!!!!!!!!!!!!!!!!! Anyways, its 9:53PM where I am. ;D Sorry I didn't click on the copy to clipboard button hard enough. :(
All I can tell you is that it was about 1,319 viruses/malware found.
« Last Edit: April 26, 2009, 04:23:29 AM by Donovansrb10 »
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 81907
  • No support PMs thanks
Unfortunately without information speculation isn't really useful.

Though I simply can't believe this was all viruses/malware that both SAS and MBAM would have missed.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.7.2388 (build: 19.7.4674.526)/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2220
    • The WAR Against Malware
Unfortunately without information speculation isn't really useful.

Though I simply can't believe this was all viruses/malware that both SAS and MBAM would have missed.

I'm still scaning with Spyware Terminator.
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2220
    • The WAR Against Malware
Logfile of Spyware Terminator v2.5.6.316 (db:3.004.024.000)
Scan Time: 4/25/2009 8:36:45 PM  length: 4353 s
Platform: WXP (5.1.0.2600)
User: Admin
Boot Mode: Normal
Scan type: Ultra Scanner
Scanned Objects: 204263 (Critical:0)
Filter: No System items, No Safe items, No Invalid items

Running Processes
aswUpdSv.exe [ALWIL Software] : C:\Program Files\MegaCool\SomethingforU\aswUpdSv.exe
ashServ.exe [ALWIL Software] : C:\Program Files\MegaCool\SomethingforU\ashServ.exe
jqs.exe [Sun Microsystems, Inc.] : C:\Program Files\Java\jre6\bin\jqs.exe
LxrJD31s.exe : C:\WINDOWS\system32\LxrJD31s.exe
uphclean.exe [Microsoft Corporation] : C:\Program Files\UPHClean\uphclean.exe
ViewpointService.exe [Viewpoint Corporation] : C:\Program Files\Viewpoint\Common\ViewpointService.exe
ashDisp.exe [ALWIL Software] : C:\Program Files\MegaCool\SomethingforU\ashDisp.exe
ashMaiSv.exe [ALWIL Software] : C:\Program Files\MegaCool\SomethingforU\ashMaiSv.exe
ashWebSv.exe [ALWIL Software] : C:\Program Files\MegaCool\SomethingforU\ashWebSv.exe
wltuser.exe [Microsoft Corporation] : C:\Program Files\Windows Live\Toolbar\wltuser.exe

Internet Settings
R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://www.msn.com/
R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, ProxyOverride = *.local
R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =

BHO
02 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} -  [Ask.com] : C:\Program Files\AskBarDis\bar\bin\askBar.dll
02 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -  [Microsoft Corp.] : C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
02 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -  [Against Intuition Oy] : C:\Program Files\WOT\WOT.dll
02 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  [Sun Microsystems, Inc.] : C:\Program Files\Java\jre6\bin\jp2ssv.dll
02 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} -  [Microsoft Corporation] : C:\Program Files\Windows Live\Toolbar\wltcore.dll
02 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -  [Sun Microsystems, Inc.] : C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

Toolbars
03 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  [Microsoft Corporation] : C:\Program Files\Windows Live\Toolbar\wltcore.dll
03 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} -  [Against Intuition Oy] : C:\Program Files\WOT\WOT.dll
03 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} -  [Ask.com] : C:\Program Files\AskBarDis\bar\bin\askBar.dll

StartUps
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, msnmsgr :  [Microsoft Corporation] : C:\Program Files\WINDOWS LIVE\MESSENGER\MSNMSGR.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, eFax 4.3 :  [j2 Global Communications, Inc.] : C:\Program Files\EFAX MESSENGER 4.3\J2GDLLCMD.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, avast! :  [ALWIL Software] : C:\Program Files\MegaCool\SomethingforU\ashDisp.exe
04 - Startup:  : C:\Documents and Settings\Donovan\Start Menu\Programs\Startup\desktop.ini
04 - Startup:  : C:\Documents and Settings\Donovan\Start Menu\Programs\Startup\Secunia PSI.lnk
04 - Startup:  : C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\desktop.ini

Shell Extensions
HotShellExt - {6872d785-fe43-44cb-9b2a-2df4c5eb13b2} -  [j2 Global Communications, Inc.] : C:\Program Files\eFax Messenger 4.3\J2GShell.dll
Web Sites - {AB4F43CA-ADCD-4384-B9AF-3CECEA7D6544} -  [Microsoft Corporation] : C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\BIN\FPNSE.DLL
CLSID_WLMCMimeFilter - {0563DB41-F538-4B37-A92D-4659049B7766} -  [Microsoft Corporation] : C:\Program Files\Windows Live\Mail\mailcomm.dll
 - {06A2568A-CED6-4187-BB20-400B8C02BE5A} -  [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
Windows Live Photo Gallery Viewer Autoplay Shim - {00F33137-EE26-412F-8D71-F84E4C2C6625} -  [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
Windows Live Photo Gallery Autoplay Drop Target - {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} -  [Microsoft Corporation] : C:\Program Files\WINDOWS LIVE\PHOTO GALLERY\WLXPHOTOGALLERY.EXE
Windows Live Photo Gallery Editor Drop Target - {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} -  [Microsoft Corporation] : C:\Program Files\WINDOWS LIVE\PHOTO GALLERY\WLXPHOTOGALLERY.EXE
Windows Live Photo Gallery Viewer Drop Target - {00F374B7-B390-4884-B372-2FC349F2172B} -  [Microsoft Corporation] : C:\Program Files\WINDOWS LIVE\PHOTO GALLERY\WLXPHOTOGALLERY.EXE
Windows Live Photo Gallery Viewer Shim - {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} -  [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
Windows Live Photo Gallery Editor Shim - {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} -  [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
Windows Live Photo Gallery Viewer Autoplay Shim - {00F30F90-3E96-453B-AFCD-D71989ECC2C7} -  [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
avast - {472083B0-C522-11CF-8763-00608CC02F24} -  [ALWIL Software] : C:\Program Files\MegaCool\SomethingforU\ashShell.dll

Protocol Handler
 - {828030A1-22C1-4009-854F-8E305202313F} -  [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msgrapp.14.0.5027.0908.dll
 - {828030A1-22C1-4009-854F-8E305202313F} -  [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msgrapp.14.0.5027.0908.dll
Windows Live Mail HTML Asynchronous Pluggable Protocol Handler - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} -  [Microsoft Corporation] : C:\Program Files\Windows Live\Mail\mailcomm.dll
WOT Protocol - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} -  [Against Intuition Oy] : C:\Program Files\WOT\WOT.dll

Services
23 - [ALWIL Software] : C:\Program Files\MegaCool\SomethingforU\aswUpdSv.exe
23 - [ALWIL Software] : C:\Program Files\MegaCool\SomethingforU\ashServ.exe
23 - [ALWIL Software] : C:\Program Files\MegaCool\SomethingforU\ashMaiSv.exe
23 - [ALWIL Software] : C:\Program Files\MegaCool\SomethingforU\ashWebSv.exe
23 - [Creative Technology Ltd] : C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
23 - [Deterministic Networks, Inc.] : C:\WINDOWS\system32\DRIVERS\dne2000.sys
23 - [Sun Microsystems, Inc.] : C:\Program Files\Java\jre6\bin\jqs.exe
23 - : C:\WINDOWS\system32\Drivers\LxrJD31d.sys
23 - : C:\WINDOWS\system32\LxrJD31s.exe
23 - [Dell Computer Corporation] : C:\WINDOWS\system32\DRIVERS\OMCI.SYS
23 - [Creative Technology Ltd.] : C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
23 - [Creative Technology Ltd.] : C:\WINDOWS\system32\drivers\P16X.sys
23 - [Creative Technology Ltd.] : C:\WINDOWS\system32\drivers\PfModNT.sys
23 - [SonicWALL, Inc.] : C:\WINDOWS\system32\Drivers\RCFOX.sys
23 - [Protection Technology] : C:\WINDOWS\system32\drivers\sfdrv01.sys
23 - [Protection Technology] : C:\WINDOWS\system32\drivers\sfhlp02.sys
23 - [Protection Technology] : C:\WINDOWS\system32\drivers\sfsync02.sys
23 - [Protection Technology] : C:\WINDOWS\system32\drivers\sfvfs02.sys
23 - [Microsoft Corporation] : C:\Program Files\UPHClean\uphclean.exe
23 - [USR] : C:\WINDOWS\system32\DRIVERS\usrwlan.sys
23 - [Microsoft Corporation] : C:\WINDOWS\system32\Drivers\VCFFltr.SYS
23 - [Viewpoint Corporation] : C:\Program Files\Viewpoint\Common\ViewpointService.exe
23 - [America Online, Inc.] : C:\WINDOWS\system32\DRIVERS\wanatw4.sys
23 - [Crawler.com] : C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

Threat Files
<Java(tm) Plug-In 2 SSV Helper ( BHO )> (User Threat) [Sun Microsystems, Inc.] : C:\Program Files\Java\jre6\bin\jp2ssv.dll
<JQSIEStartDetectorImpl Class ( BHO )> (User Threat) [Sun Microsystems, Inc.] : C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
<&Windows Live Toolbar Beta ( Toolbar )> (User Threat) [Microsoft Corporation] : C:\Program Files\Windows Live\Toolbar\wltcore.dll
<Search Helper ( BHO )> (User Threat) [Microsoft Corp.] : C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

Advanced Files Report
%PROGRAMFILES%\MegaCool\SomethingforU\aswUpdSv.exe [ALWIL Software] [avast! Antivirus] MD5=B4253776EE034F6770FCEE32C28490B0 SIZE=18752
%PROGRAMFILES%\MegaCool\SomethingforU\aswCmnS.dll [ALWIL Software] [avast! Antivirus] MD5=A702AF52B8E8BF225AD045812A84A1CC SIZE=192512
%PROGRAMFILES%\MegaCool\SomethingforU\aswCmnOS.dll [ALWIL Software] [avast! Antivirus] MD5=1CD561EE4D3232A166BEE03642936EB0 SIZE=86016
%PROGRAMFILES%\MegaCool\SomethingforU\aswCmnB.dll [ALWIL Software] [avast! Antivirus] MD5=6E4A9A1B2458AF79ED5A6F6B4D5F05A7 SIZE=131072
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2220
    • The WAR Against Malware
%PROGRAMFILES%\MegaCool\SomethingforU\ashServ.exe [ALWIL Software] [avast! Antivirus] MD5=62889D40A3FB1A9012428E16FE0DC67A SIZE=138680
%PROGRAMFILES%\MegaCool\SomethingforU\aswAux.dll [ALWIL Software] [avast! Antivirus] MD5=21A351ED932412EF932CBA212AFE3006 SIZE=659456
%PROGRAMFILES%\MegaCool\SomethingforU\aswEngin.dll [ALWIL Software] [avast! Antivirus] MD5=4BCB75FD3867AAD4EB88FBAD5907F5EC SIZE=1302528
%PROGRAMFILES%\MegaCool\SomethingforU\aswScan.dll [ALWIL Software] [avast! Antivirus] MD5=22212F66C6BC1C9BE47BB25ABEF3D3A4 SIZE=86016
%PROGRAMFILES%\MegaCool\SomethingforU\ashBase.dll [ALWIL Software] [avast! Antivirus] MD5=89B9356D481C73B588F50CBDBDF7C211 SIZE=225280
%PROGRAMFILES%\MegaCool\SomethingforU\ashTask.dll [ALWIL Software] [avast! Antivirus] MD5=E142416D38AD3DBA1DE1C9B065A7720C SIZE=118784
%PROGRAMFILES%\MegaCool\SomethingforU\aswInteg.dll [ALWIL Software] [avast! Antivirus] MD5=38B82EC805FEC2CAAE22D98D09841979 SIZE=23040
%PROGRAMFILES%\MegaCool\SomethingforU\aswIdle.dll [ALWIL Software] [avast! Antivirus] MD5=31DA6A3F2C40B5CFB17250AEE00FCBF0 SIZE=11584
%PROGRAMFILES%\MegaCool\SomethingforU\Aavm4h.dll [ALWIL Software] [avast! Antivirus] MD5=6A36CC7569D86958C388F0B2D9FF119C SIZE=225280
%PROGRAMFILES%\MegaCool\SomethingforU\AavmRpch.dll [ALWIL Software] [avast! Antivirus] MD5=7AFA82757CAF4808119AE08F62AE8E6B SIZE=20992
%PROGRAMFILES%\MegaCool\SomethingforU\English\Base.dll [ALWIL Software] [avast! Antivirus] MD5=22972E006680A2C2933F204C8B3E375B SIZE=61440
%PROGRAMFILES%\MegaCool\SomethingforU\AhResJs.dll [ALWIL Software] [avast! Antivirus] MD5=947A388208076299E9FF9250BF9D98CD SIZE=24576
%PROGRAMFILES%\MegaCool\SomethingforU\AhResMai.dll [ALWIL Software] [avast! Antivirus] MD5=F7A4E13A16B5304E1B715E898FA64C6B SIZE=35840
%PROGRAMFILES%\MegaCool\SomethingforU\ahResMes.dll [ALWIL Software] [avast! Antivirus] MD5=8F4D907FEF1145206783B8BA4690AC28 SIZE=32768
%PROGRAMFILES%\MegaCool\SomethingforU\AhResNS.dll [ALWIL Software] [avast! Antivirus] MD5=0683A9A1B6B255DCA643C6DC10139F98 SIZE=35840
%PROGRAMFILES%\MegaCool\SomethingforU\AhResOut.dll [ALWIL Software] [avast! Antivirus] MD5=86F256F7F7B4BBE6B5BACFBC6401A9C2 SIZE=29696
%PROGRAMFILES%\MegaCool\SomethingforU\ahResP2P.dll [ALWIL Software] [avast! Antivirus] MD5=F5FF002B9EAA6B6CF0BE9F5A403BEB69 SIZE=33280
%PROGRAMFILES%\MegaCool\SomethingforU\AhResStd.dll [ALWIL Software] [avast! Antivirus] MD5=907DA762B2238AAEC9399A9A903FE7CF SIZE=43008
%PROGRAMFILES%\MegaCool\SomethingforU\AhResWS.dll [ALWIL Software] [avast! Antivirus] MD5=F610E9FF91C228D6CB34E58D107E811A SIZE=53248
%PROGRAMFILES%\MegaCool\SomethingforU\ashSSqlt.dll [ALWIL Software] [avast! Antivirus] MD5=16C3ED761EEB1236F17043A440545183 SIZE=233472
%PROGRAMFILES%\MegaCool\SomethingforU\AhJsctNs.dll [ALWIL Software] [avast! Antivirus] MD5=5477A0978C10AC75F3C2A749FD1E9270 SIZE=139264
%PROGRAMFILES%\MegaCool\SomethingforU\aswRes.dll [ALWIL Software] [avast! Antivirus] MD5=B065081AAC207A9B72AEB2E6A7D76852 SIZE=147456
%PROGRAMFILES%\Java\jre6\bin\jqs.exe [Sun Microsystems, Inc.] [Java(TM) Platform SE 6 U10] MD5=5FD5865DC1A2100F8D4CF000EE5409A3 SIZE=152984
%SYSDIR%\LxrJD31s.exe MD5=1AC5196D662AAA87E994E35F760F90B8 SIZE=53248
%PROGRAMFILES%\UPHClean\uphclean.exe [Microsoft Corporation] [User Profile Hive Cleanup Service] MD5=3F9A3232E5F942874488981F3242C989 SIZE=241725
%PROGRAMFILES%\Viewpoint\Common\ViewpointService.exe [Viewpoint Corporation] [Viewpoint Manager] MD5=5F974FDE801C73952770736BECDE11E7 SIZE=24652
%PROGRAMFILES%\MegaCool\SomethingforU\ashShell.dll [ALWIL Software] [avast! Antivirus] MD5=AFD818A04153C72270530B9BD524F064 SIZE=76880
%PROGRAMFILES%\MegaCool\SomethingforU\English\Lang.dll [ALWIL Software] [avast! Antivirus] MD5=757798240BCF43BA60AE21AEF339DB52 SIZE=2531328
%PROGRAMFILES%\megacool\somethingforu\ahruijs.dll [ALWIL Software] [avast! Antivirus] MD5=C648B0A68949CEB42D2833823B20DC7F SIZE=32768
%PROGRAMFILES%\MegaCool\SomethingforU\ashUInt.dll [ALWIL Software] [avast! Antivirus] MD5=C53C83CC3D8D318F52D179FEB4CE4E23 SIZE=331776
%PROGRAMFILES%\MegaCool\SomethingforU\XT1922.dll [Codejock Software] [XTToolkit Dynamic Link Library] MD5=9EABDC15170B37F0C6D07D53B9ED64EA SIZE=917504
%PROGRAMFILES%\megacool\somethingforu\ahruimai.dll [ALWIL Software] [avast! Antivirus] MD5=6ED98D9C94B470A33FD9DCAC407EBC7A SIZE=94208
%PROGRAMFILES%\megacool\somethingforu\ahruimes.dll [ALWIL Software] [avast! Antivirus] MD5=ED8F3906195A21C196BA5272A7377528 SIZE=57344
%PROGRAMFILES%\megacool\somethingforu\ahruins.dll [ALWIL Software] [avast! Antivirus] MD5=FEF1D67F2A23FF31C68B288FC19520A5 SIZE=57344
%PROGRAMFILES%\megacool\somethingforu\ahruiout.dll [ALWIL Software] [avast! Antivirus] MD5=408199AE1A154619796206513E94064E SIZE=118784
%PROGRAMFILES%\megacool\somethingforu\ahruip2p.dll [ALWIL Software] [avast! Antivirus] MD5=F9B89574DC85717E6B2938E9DF123641 SIZE=22528
%PROGRAMFILES%\megacool\somethingforu\ahruistd.dll [ALWIL Software] [avast! Antivirus] MD5=2D1EFAFD9F7E937F54E8BD5CC59325AF SIZE=57344
%PROGRAMFILES%\megacool\somethingforu\ahruiws.dll [ALWIL Software] [avast! Antivirus] MD5=EB0F2609F0DC3A01801EB8679C02CDCB SIZE=49152
%PROGRAMFILES%\MegaCool\SomethingforU\AavmGuih.dll [ALWIL Software] [avast! Antivirus] MD5=1B299230E0249715E899C7B4A02C55E6 SIZE=188416
%APPDATA%\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL MD5=11AB72D5D603DB401C190B454FB935A7 SIZE=117760
%SYSDIR%\Macromed\Flash\Flash10b.ocx [Adobe Systems, Inc.] [Shockwave Flash] MD5=8AFC17155ED5AB60B7C52D7F553D579C SIZE=3866528
%PROGRAMFILES%\MegaCool\SomethingforU\ashMaiSv.exe [ALWIL Software] [avast! Antivirus] MD5=F09461C8ECCACE33C271CC229F11E281 SIZE=254040
%PROGRAMFILES%\MegaCool\SomethingforU\English\langmai.dll [ALWIL Software] [avast! Antivirus] MD5=B4906363ED123B3A5BB489DFF35D72C6 SIZE=57344
%PROGRAMFILES%\MegaCool\SomethingforU\ashWebSv.exe [ALWIL Software] [avast! Antivirus] MD5=23CA3E54474AE5FFDBC0F97B9E1815DB SIZE=352920
%PROGRAMFILES%\MegaCool\SomethingforU\ashWsFtr.dll [ALWIL Software] [avast! Antivirus] MD5=B73C6A1F766AF214628B0ACDDD0670DA SIZE=49152
%PROGRAMFILES%\Windows Live\Toolbar\wltuser.exe [Microsoft Corporation] [Windows Live Toolbar Beta] MD5=0EA028E10115FA39B22A178913E7147C SIZE=134160
%STARTUP%\desktop.ini MD5=D6A6856702E3F0953E7246A9B4A9FE35 SIZE=84
%STARTUP%\Secunia PSI.lnk MD5=FE6DA52A6C18A8C488DC69D9CBFFE8DB SIZE=720
%STARTUPALL%\desktop.ini MD5=D6A6856702E3F0953E7246A9B4A9FE35 SIZE=84
deskpan.dll
%PROGRAMFILES%\eFax Messenger 4.3\J2GShell.dll [j2 Global Communications, Inc.] [eFax Messenger (tm)] MD5=8A6C54AF2DE49909488315027F9AAA74 SIZE=110080
%COMMONFILES%\Microsoft Shared\web server extensions\12\BIN\FPNSE.DLL [Microsoft Corporation] [2007 Microsoft Office system] MD5=3D83D16D00FCEDCB6FD1A60139E06590 SIZE=421264
%PROGRAMFILES%\Windows Live\Mail\mailcomm.dll [Microsoft Corporation] [Windows Live Mail] MD5=79DB4384FAC86529506F52DFE6EE497D SIZE=823808
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2220
    • The WAR Against Malware
%PROGRAMFILES%\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Microsoft Corporation] [Windows Live® Photo Gallery] MD5=8490C7D7D104F84D4CD5CF3F0BCC8806 SIZE=234528
%PROGRAMFILES%\Windows Live\Photo Gallery\PhotoViewerShim.dll [Microsoft Corporation] [Windows Live® Photo Gallery] MD5=10DFC43C8B22DDFE1E002776BF04331E SIZE=46112
%PROGRAMFILES%\WINDOWS LIVE\PHOTO GALLERY\WLXPHOTOGALLERY.EXE [Microsoft Corporation] [Windows Live® Photo Gallery] MD5=6A72C40E5DB59770D5815583D641A2D9 SIZE=119296
%SYSDIR%\svchost.exe -k netsvcs
%SYSDIR%\DRIVERS\ctsfm2k.sys [Creative Technology Ltd] [Creative Audio Product] MD5=B459AE4AFCA570088ADDDBE55EABBC92 SIZE=130192
%SYSDIR%\svchost -k DcomLaunch
%SYSDIR%\DRIVERS\dne2000.sys [Deterministic Networks, Inc.] MD5=812F9714B6D2D93078BF4D126167C5BA SIZE=128144
%SYSDIR%\svchost.exe -k NetworkService
%SYSDIR%\svchost.exe -k LocalService
%SYSDIR%\Drivers\LxrJD31d.sys MD5=3F6F7993AE46ADED2DB2886ED3080C80 SIZE=69824
%SYSDIR%\DRIVERS\OMCI.SYS [Dell Computer Corporation] [OMCI Driver] MD5=CEC7E2C6C1FA00C7AB2F5434F848AE51 SIZE=13632
%SYSDIR%\DRIVERS\ctoss2k.sys [Creative Technology Ltd.] [Creative Audio Product] MD5=C720C25B2D0C93DC425155F5B6A707F3 SIZE=178672
%SYSDIR%\drivers\P16X.sys [Creative Technology Ltd.] [Creative SB Live! P16X Series(WDM)] MD5=2B1BECA354A2ED1030F00CAEFD6F839D SIZE=1329920
%SYSDIR%\drivers\PfModNT.sys [Creative Technology Ltd.] [PfModNT] MD5=C8A2D6FF660AC601B7BB9A9B16A5C25E SIZE=15840
%SYSDIR%\Drivers\RCFOX.sys [SonicWALL, Inc.] [RCFOX IPSec Driver] MD5=02B4C051D302A6E291EBDCC07A5FB594 SIZE=101528
%SYSDIR%\svchost -k rpcss
%SYSDIR%\drivers\sfdrv01.sys [Protection Technology] [StarForce Protection System] MD5=4C0D673281178CB496011A2E28571FC8 SIZE=50688
%SYSDIR%\drivers\sfhlp02.sys [Protection Technology] [StarForce Protection System] MD5=15BE2B5E4DC5B8623CF167720682ABC9 SIZE=6656
%SYSDIR%\drivers\sfsync02.sys [Protection Technology] [StarForce Protection System] MD5=EFEBBC1D13FDB77A6AF4EDDFC7232EDF SIZE=19968
%SYSDIR%\drivers\sfvfs02.sys [Protection Technology] [StarForce Protection System] MD5=9EF50060CC7E6953BAB83F2A42CCC421 SIZE=66048
%SYSDIR%\svchost.exe -k imgsvc
%SYSDIR%\DRIVERS\usrwlan.sys [USR] [22M Wireless LAN Adapter] MD5=4C9FD563E3F44FBC3BE9CD04FB986368 SIZE=155392
%SYSDIR%\Drivers\VCFFltr.SYS [Microsoft Corporation] [Windows SteadyState] MD5=FBC1D96DC597659542CA678E02302976 SIZE=254208
%SYSDIR%\DRIVERS\wanatw4.sys [America Online, Inc.] [Wan Miniport (ATW)] MD5=0A716C08CB13C3A8F4F51E882DBF7416 SIZE=33588
%SYSDIR%\SearchIndexer.exe \Embedding
%SYSDIR%\drivers\sp_rsdrv2.sys [Crawler.com] [Spyware Terminator] MD5=8831252BCF05FCFB5ABD116A22E552D8 SIZE=142592
%PROGRAMFILES%\Windows Live\Messenger\msgrapp.14.0.5027.0908.dll [Microsoft Corporation] [Windows Live Messenger Protocol Handler Module] MD5=8F52BDC9B2ADFF3A99E1CBE60D86042A SIZE=64000

End of Report
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 81907
  • No support PMs thanks
Re: HJT; S&D; SAS; MBAM; ST Logs (Do I have a virus?)
« Reply #14 on: April 26, 2009, 08:10:37 PM »
So where are these 1200+ viruses then, there is nothing to show it in the log.

The only questionable thing is the Threat Files section and this is rubbish, I don't see how the JAVA entries can be considered a threat. The others also appear to be legit entries.

I haven't a clue what it means by Advanced Files Report, or what purpose it serves. If they aren't infected or a Threat I can see no reason to report anything unless it is to show it is doing something.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.7.2388 (build: 19.7.4674.526)/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/