Solved Need help with Conflicker virus

Status
Not open for further replies.
Broni
This is a bare-bones computer; it runs headless most of the time. I don't have Java under the Control Panel, and I saw no applet on the first link. Can that part be skipped?
Al
 
Go ahead, but you have to realize that some web pages won't show correctly without Java.
 
OK, so I started by running OTL.

All processes killed
========== OTL ==========
File DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2478185 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: shell32.dll unable to determine bytes removed.

Total Files Cleaned = 2.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11192010_122528

Files\Folders moved on Reboot...
File\Folder C:\WINNT\temp\_avast4_\Webshlock.txt not found!

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.5
Windows 2000 Service Pack 4
Internet Explorer 5 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

avast! Antivirus
avast! successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
````````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast4 aswUpdSv.exe
Alwil Software Avast4 ashServ.exe
Alwil Software Avast4 ashDisp.exe
Alwil Software Avast4 ashMaiSv.exe
Alwil Software Avast4 ashWebSv.exe
Administrator Desktop virus_et_al SecurityCheck.exe
````````````````````````````````
DNS Vulnerability Check:

nslookup.exe missing!
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
 
Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using an old restore point. We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during the cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web Of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read "How did I get infected? With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5822387 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: shell32.dll unable to determine bytes removed.

Total Files Cleaned = 6.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11202010_153951

Files\Folders moved on Reboot...
File\Folder C:\WINNT\temp\_avast4_\Webshlock.txt not found!

Registry entries deleted on Reboot...
 
Broni

The machine seems fine. I released it for use on Saturday and all seems well. This morning, just for caution, I re-ran your initial set of tests, and now I am seeing an MSTask rootkit. I'll post the files.
 
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5150

Windows 5.0.2195 Service Pack 4
Internet Explorer 5.00.3700.1000

11/22/2010 12:04:32 PM
mbam-log-2010-11-22 (12-04-32).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 115602
Time elapsed: 5 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-11-22 12:10:59
Windows 5.0.2195 Service Pack 4
Running: bco3fvo5.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxrdrpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswMon.SYS (avast! File System Filter Driver for Windows NT/2000/ALWIL Software) ZwClose [0xB755A210]
SSDT \SystemRoot\System32\Drivers\aswMon.SYS (avast! File System Filter Driver for Windows NT/2000/ALWIL Software) ZwCreateDirectoryObject [0xB755A0FC]
SSDT \SystemRoot\System32\Drivers\aswMon.SYS (avast! File System Filter Driver for Windows NT/2000/ALWIL Software) ZwCreateFile [0xB75591D2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB78EE574]
SSDT \SystemRoot\System32\Drivers\aswMon.SYS (avast! File System Filter Driver for Windows NT/2000/ALWIL Software) ZwCreateProcess [0xB7558A6C]
SSDT \SystemRoot\System32\Drivers\aswMon.SYS (avast! File System Filter Driver for Windows NT/2000/ALWIL Software) ZwCreateSection [0xB7559B9A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB78EEA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB78EE14C]
SSDT \SystemRoot\System32\Drivers\aswMon.SYS (avast! File System Filter Driver for Windows NT/2000/ALWIL Software) ZwOpenFile [0xB75596F8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB78EE64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB78EE08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB78EE0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB78EE76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB78EE72E]
SSDT \SystemRoot\System32\Drivers\aswMon.SYS (avast! File System Filter Driver for Windows NT/2000/ALWIL Software) ZwSetInformationFile [0xB7559F26]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB78EE8AE]
SSDT \SystemRoot\System32\Drivers\aswMon.SYS (avast! File System Filter Driver for Windows NT/2000/ALWIL Software) ZwWriteFile [0xB7559E5E]

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINNT\System32\Drivers\driverx.sys entry point in "init" section [0xB77506FE]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon.SYS (avast! File System Filter Driver for Windows NT/2000/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Services - GMER 1.0.15 ----

Service C:\WINNT\system32\MSTask.exe? (*** hidden *** ) [AUTO] Schedule <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
 
DDS (Ver_10-11-10.01) - NTFSx86
Run by Administrator at 12:21:30.42 on Mon 11/22/2010
Internet Explorer: 5.00.3700.1000
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.2039.1605 [GMT 0:00]


============== Running Processes ===============

C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\igfxtray.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImage\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Documents and Settings\Administrator\Desktop\virus_et_al\dds.scr

============== Pseudo HJT Report ===============

mRun: [Synchronization Manager] mobsync.exe /logon
mRun: [IgfxTray] c:\winnt\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\winnt\system32\hkcmd.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimage\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimage\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
Notify: igfxcui - igfxsrvc.dll

============= SERVICES / DRIVERS ===============

R0 Ramdisk;Ramdisk Driver;c:\winnt\system32\drivers\ramdisk.sys [2006-5-15 6995]
R1 aswSP;avast! Self Protection;c:\winnt\system32\drivers\aswSP.sys [2010-11-12 114768]
R2 aswMon;avast! Standard Shield Support;c:\winnt\system32\drivers\aswmon.sys [2010-11-12 93424]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2010-11-19 138680]
R2 DriverX;DriverX;c:\winnt\system32\drivers\driverx.sys [2006-5-15 52512]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2010-11-19 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2010-11-19 352920]
R3 dtl5933w;dtl5933w;c:\winnt\system32\drivers\dtl5933w.sys [2006-4-6 18176]
R3 E100E;E100E;c:\winnt\system32\drivers\E100ENT.sys [1999-5-27 25360]
R3 usbhub20;USB Hub Support;c:\winnt\system32\drivers\usbhub20.sys [2006-6-5 49776]
S3 yukonw2k;NDIS5 Miniport Driver for Marvell Yukon Ethernet Controller;c:\winnt\system32\drivers\yk50x86.sys [2006-5-16 243840]

=============== Created Last 30 ================

2010-11-19 12:44:15 -------- d-----w- c:\program files\ESET
2010-11-11 16:08:21 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2010-11-11 16:08:08 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2010-11-11 16:08:07 19288 ----a-w- c:\winnt\system32\drivers\mbam.sys
2010-11-11 16:08:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-11 16:08:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

==================== Find3M ====================


============= FINISH: 12:22:12.18 ===============
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-10.01)

Microsoft Windows 2000 Professional
Boot Device: \Device\Harddisk0\Partition1
Install Date:
System Uptime: 11/22/2010 11:55:11 AM (1 hours ago)

Motherboard: To be filled by O.E.M. | | To be filled by O.E.M.
Processor: Intel(R) Pentium(R) M processor 1.80GHz | CPU 1 | 1800/100mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 14 GiB total, 10.799 GiB free.
D: is FIXED (NTFS) - 1 GiB total, 0.472 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&322E6CAA&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&322E6CAA&0
Service: i8042prt

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Acronis*True*Image
avast! Antivirus
DiskSpeed32
ESET Online Scanner v3
Intel(R) Extreme Graphics 2 Driver
Intel(R) PROSafe for Wired Connections
Malwarebytes' Anti-Malware
Microsoft Office 97, Professional Edition
Microsoft Visual C++ 6.0 Professional Edition
MSDN Library - Visual Studio 6.0a
PCI-417Wins
VNC Free Edition 4.1.2
WebFldrs
Windows 2000 Hotfix - KB917953

==== End Of File ===========================
 
It looks like a false positive to me.
MSTask.exe is a legitimate file, and it seems to be in the correct location.

Just for your peace of mind...

Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders.
Upload the following file to http://www.virustotal.com/ for a security check:
- C:\WINNT\system32\MSTask.exe
IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
Post scan results.
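The checks Broni applies by hand in the post above (is the flagged binary a known Windows file, is it in its expected location, is it visible as an ordinary running process, and then a hash or upload for a second opinion) written out as a script. This is an added example, not code from the original thread nor from GMER, DDS or OTL. The log excerpts are constructed from lines posted in the thread plus one made-up hidden-service line (msupdate.exe in C:\WINNT\Temp) so both branches of the triage show; the KNOWN_SYSTEM_BINARIES baseline is an assumption for this Windows 2000 box.

```python
"""Triage a GMER "hidden service" hit the way the helper does above.

Added example; not part of the original thread and not code from GMER, DDS
or OTL.  The logs are constructed from lines posted in the thread (plus one
made-up hidden-service line for contrast), and KNOWN_SYSTEM_BINARIES is an
assumed baseline for this Windows 2000 box.
"""
import hashlib
import re
from pathlib import PureWindowsPath

# Constructed GMER excerpt: the real MSTask.exe hit from the thread, plus a
# fabricated second hit (msupdate.exe in C:\WINNT\Temp) to show the other branch.
GMER_LOG = r"""
---- Services - GMER 1.0.15 ----

Service C:\WINNT\system32\MSTask.exe? (*** hidden *** ) [AUTO] Schedule <-- ROOTKIT !!!
Service C:\WINNT\Temp\msupdate.exe? (*** hidden *** ) [AUTO] MSUpdate <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
"""

# Constructed DDS excerpt (a subset of the process list posted in the thread).
DDS_LOG = r"""
============== Running Processes ===============

C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINNT\Explorer.EXE

============== Pseudo HJT Report ===============
"""

# Assumption: where legitimate Windows 2000 service binaries live.  A real
# baseline would come from a known-clean install or the dllcache copies.
KNOWN_SYSTEM_BINARIES = {
    "mstask.exe": r"c:\winnt\system32\mstask.exe",   # Task Scheduler service ("Schedule")
    "spoolsv.exe": r"c:\winnt\system32\spoolsv.exe",
}

# GMER prints:  Service <path>? (*** hidden *** ) [START] <service name> <-- ROOTKIT !!!
SERVICE_RE = re.compile(
    r"^Service\s+(?P<path>.+?)\??\s+\(\*\*\* hidden \*\*\* \)\s+"
    r"\[(?P<start>[A-Z]+)\]\s+(?P<name>\S+)",
    re.MULTILINE,
)


def parse_hidden_services(gmer_log: str) -> list[dict]:
    """Return one dict (path, start, name) per hidden-service line in a GMER log."""
    return [m.groupdict() for m in SERVICE_RE.finditer(gmer_log)]


def parse_running_processes(dds_log: str) -> list[str]:
    """Return the lower-cased image paths from the DDS 'Running Processes' section."""
    procs, in_section = [], False
    for line in dds_log.splitlines():
        if line.startswith("="):
            if in_section:
                break                      # next section header ends the list
            in_section = "Running Processes" in line
            continue
        if in_section and line.strip():
            procs.append(line.strip().lower())
    return procs


def triage(hit: dict, running: list[str], known=KNOWN_SYSTEM_BINARIES):
    """Apply the false-positive checks from the thread to one hidden-service hit.

    Returns (verdict, reasons).  No reasons means: known binary name, in its
    expected location, and visible as an ordinary running process.
    """
    path = PureWindowsPath(hit["path"].lower())
    reasons = []
    expected = known.get(path.name)
    if expected is None:
        reasons.append(f"{path.name} is not a known system binary on this baseline")
    elif str(path) != expected:
        reasons.append(f"{path.name} expected at {expected}, found at {path}")
    if str(path) not in running:
        reasons.append(f"{path} is not visible in the DDS running-process list")
    return ("likely false positive" if not reasons else "investigate"), reasons


def sha256_of_bytes(data: bytes) -> str:
    """Hash to search on VirusTotal instead of uploading the file itself."""
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str) -> str:
    """Same, streamed from disk so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


if __name__ == "__main__":
    running = parse_running_processes(DDS_LOG)
    for hit in parse_hidden_services(GMER_LOG):
        verdict, reasons = triage(hit, running)
        print(f"{hit['name']:<10} {hit['path']}: {verdict}")
        for r in reasons:
            print("   -", r)
```

Run as-is, the MSTask.exe hit comes out as "likely false positive" and the made-up msupdate.exe hit as "investigate" with two reasons. When an upload will not start, as happened in the next post, `sha256_of_file` gives a hash you can search on VirusTotal instead. The path and process checks only rule out the obvious; a replaced binary can sit in the expected location too, so the hash comparison is the step that actually settles it.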
 
A couple of things. At Tools>Folder Options>View tab I'm seeing a shortened list instead of the normal one; I only see ten entries. I am able to see the file 'mstask.exe', but the upload to 'VirusTotal.com' would not start. Alternatively, I sent the file to 'VirScan.org', where it was scanned and reported 'No malware found'.
 
it scanned and was reported 'No malware found'
You have peace of mind now :)

At Tools>Folder Options>View tab I'm seeing a shortened list instead of the normal
In this forum, we make sure your computer is free of malware and clean :)
Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
You'll get more attention.

I'll mark this topic as resolved.
 